The vulnerability of the /cgi-bin/widget_api.cgi file of the Web Management Interface component of the D-Link DNS-320 router’s microprogramming system allows a hacker to disclose confidential information.

🗓️ 30 Sep 2024 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru

Vulnerability in D-Link DNS 320 widget interface could leak confidential data via getHD,getSer,getSys

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2024-8460	5 Sep 202414:40	–	circl
CNNVD	D-Link DNS-320 信息泄露漏洞	5 Sep 202400:00	–	cnnvd
CNVD	D-Link DNS-320 Information Disclosure Vulnerability (CNVD-2025-18474)	10 Sep 202400:00	–	cnvd
CVE	CVE-2024-8460	5 Sep 202412:00	–	cve
Cvelist	CVE-2024-8460 D-Link DNS-320 Web Management Interface widget_api.cgi information disclosure	5 Sep 202412:00	–	cvelist
EUVD	EUVD-2024-49194	3 Oct 202520:07	–	euvd
NVD	CVE-2024-8460	5 Sep 202412:15	–	nvd
Positive Technologies	PT-2024-6451 · D Link · D-Link Dns-320	4 Sep 202400:00	–	ptsecurity
RedhatCVE	CVE-2024-8460	23 May 202508:27	–	redhatcve
Vulnrichment	CVE-2024-8460 D-Link DNS-320 Web Management Interface widget_api.cgi information disclosure	5 Sep 202412:00	–	vulnrichment

Vulners

Node

d-link di-8400Match16.07.26a1

Source	Link
github	www.github.com/leetsun/IoT-Vuls/tree/main/Dlink-dns320/1
supportannouncement	www.supportannouncement.us.dlink.com/security/publication.aspx
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/
dlink	www.dlink.com/
web	www.web.nvd.nist.gov/view/vuln/detail

30 Sep 2024 00:00Current

5.4Medium risk

Vulners AI Score5.4

CVSS 25.4

CVSS 35.9

EPSS0.02058

widget interface vulnerability web management interface confidential data exposure