CVE-2024-10916

🗓️ 06 Nov 2024 15:00:08Reported by VulDBType

A problematic vulnerability found in D-Link DNS devices, allowing remote information disclosure via HTTP GET Request Handler

Reporter	Title	Published	Views	Family All 10
BDU FSTEC	The vulnerability of the /xml/info.xml file of the HTTP GET Request Handler component in D-Link routers such as DNS-320, DNS-320LW, DNS-325, and DNS-340L microprogrammed software systems allows a hacker to disclose confidential information.	14 Nov 202400:00	–	bdu_fstec
Circl	CVE-2024-10916	6 Nov 202415:08	–	circl
CNNVD	D-Link DNS-320 访问控制错误漏洞	6 Nov 202400:00	–	cnnvd
Cvelist	CVE-2024-10916 D-Link DNS-320/DNS-320LW/DNS-325/DNS-340L HTTP GET Request info.xml information disclosure	6 Nov 202415:00	–	cvelist
EUVD	EUVD-2024-33346	3 Oct 202520:07	–	euvd
NVD	CVE-2024-10916	6 Nov 202415:15	–	nvd
OpenVAS	D-Link Multiple DNS NAS Devices Multiple Vulnerabilities (2024 - 2025)	30 Jun 202500:00	–	openvas
Positive Technologies	PT-2024-7983 · D Link · D-Link Dns-320 +2	6 Nov 202400:00	–	ptsecurity
RedhatCVE	CVE-2024-10916	23 May 202506:23	–	redhatcve
Vulnrichment	CVE-2024-10916 D-Link DNS-320/DNS-320LW/DNS-325/DNS-340L HTTP GET Request info.xml information disclosure	6 Nov 202415:00	–	vulnrichment

NVD

Vulners

Vulnrichment

Node

dlink dns-320_firmware

AND

dlink dns-320Match-

Node

dlink dns-320lw_firmware

AND

dlink dns-320lwMatch-

Node

dlink dns-325_firmware

AND

dlink dns-325Match-

Node

dlink dns-340l_firmware

AND

dlink dns-340lMatch-

[
  {
    "vendor": "D-Link",
    "product": "DNS-320",
    "versions": [
      {
        "version": "20241028",
        "status": "affected"
      }
    ],
    "modules": [
      "HTTP GET Request Handler"
    ]
  },
  {
    "vendor": "D-Link",
    "product": "DNS-320LW",
    "versions": [
      {
        "version": "20241028",
        "status": "affected"
      }
    ],
    "modules": [
      "HTTP GET Request Handler"
    ]
  },
  {
    "vendor": "D-Link",
    "product": "DNS-325",
    "versions": [
      {
        "version": "20241028",
        "status": "affected"
      }
    ],
    "modules": [
      "HTTP GET Request Handler"
    ]
  },
  {
    "vendor": "D-Link",
    "product": "DNS-340L",
    "versions": [
      {
        "version": "20241028",
        "status": "affected"
      }
    ],
    "modules": [
      "HTTP GET Request Handler"
    ]
  }
]

Source	Link
netsecfish	www.netsecfish.notion.site/Information-Disclosure-Vulnerability-Report-in-xml-info-xml-for-D-Link-NAS-12d6b683e67c8019a311e699582f51b6
vuldb	www.vuldb.com/
dlink	www.dlink.com/
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/

08 Nov 2024 20:11Current

5.1Medium risk

Vulners AI Score5.1

CVSS 3.15.3

CVSS 25

CVSS 46.9

CVSS 35.3

EPSS0.01061

SSVC