Lucene search

[email protected]CVE-2024-3274

HistoryApr 04, 2024 - 2:15 a.m.

CVE-2024-3274

2024-04-0402:15:07

CWE-200

[email protected]

web.nvd.nist.gov

vulnerability

d-link

information disclosure

http

remote attack

end-of-life

replacement

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

7 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

15.1%

JSON

UNSUPPORTED WHEN ASSIGNED A vulnerability has been found in D-Link DNS-320L, DNS-320LW and DNS-327L up to 20240403 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/info.cgi of the component HTTP GET Request Handler. The manipulation leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259285 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.

VendorProductVersionCPE
d\-linkdns\-320l_firmware20240403cpe:2.3:o:d\-link:dns\-320l_firmware:20240403:*:*:*:*:*:*:*
d\-linkdns\-320lw_firmware20240403cpe:2.3:o:d\-link:dns\-320lw_firmware:20240403:*:*:*:*:*:*:*
d\-linkdns\-327l_firmware20240403cpe:2.3:o:d\-link:dns\-327l_firmware:20240403:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
d\-link	dns\-320l_firmware	20240403	cpe:2.3:o:d\-link:dns\-320l_firmware:20240403:::::::*
d\-link	dns\-320lw_firmware	20240403	cpe:2.3:o:d\-link:dns\-320lw_firmware:20240403:::::::*
d\-link	dns\-327l_firmware	20240403	cpe:2.3:o:d\-link:dns\-327l_firmware:20240403:::::::*

References

github.com/netsecfish/info_cgi

supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10383

vuldb.com/?ctiid.259285

vuldb.com/?id.259285

vuldb.com/?submit.304706

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

7 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

15.1%

JSON

Related for CVE-2024-3274

cvelist1 openvas1