Lucene search

[email protected]CVE-2020-9376

HistoryJul 09, 2020 - 1:15 p.m.

CVE-2020-9376

2020-07-0913:15:00

CWE-74

[email protected]

web.nvd.nist.gov

cve-2020-9376

d-link dir-610

information disclosure

getcfg.php

nvd

cvss

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.9 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.97 High

EPSS

Percentile

99.7%

JSON

D-Link DIR-610 devices allow Information Disclosure via SERVICES=DEVICE.ACCOUNT%0AAUTHORIZED_GROUP=1 to getcfg.php. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

CPENameOperatorVersion
dlink:dir-610_firmwaredlink dir-610 firmwareeq-

CPE	Name	Operator	Version
dlink:dir-610_firmware	dlink dir-610 firmware	eq	-

References

gist.github.com/GouveaHeitor/dcbb67b301cc45adc00f8a6a2a0a590f

supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10182

www.dlink.com.br/produto/dir-610/

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.9 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.97 High

EPSS

Percentile

99.7%

JSON

Related for CVE-2020-9376

prion1 nuclei1 nessus1 githubexploit2 openvas1