Lucene search

MitreCVE-2024-44408

HistorySep 06, 2024 - 4:15 p.m.

CVE-2024-44408

2024-09-0616:15:03

CWE-200

CWE-862

mitre

web.nvd.nist.gov

d-link

dir-823g

information disclosure

configuration files

plaintext passwords

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

6.8

Confidence

Low

EPSS

0.001

Percentile

34.9%

JSON

D-Link DIR-823G v1.0.2B05_20181207 is vulnerable to Information Disclosure. The device allows unauthorized configuration file downloads, and the downloaded configuration files contain plaintext user passwords.

Affected configurations

Nvd

Node

dlinkdir-823g_firmwareMatch1.0.2b05_20181207

AND

dlinkdir-823gMatch-

VendorProductVersionCPE
dlinkdir-823g_firmware1.0.2b05_20181207cpe:2.3:o:dlink:dir-823g_firmware:1.0.2b05_20181207:*:*:*:*:*:*:*
dlinkdir-823g-cpe:2.3:h:dlink:dir-823g:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dlink	dir-823g_firmware	1.0.2b05_20181207	cpe:2.3:o:dlink:dir-823g_firmware:1.0.2b05_20181207:::::::*
dlink	dir-823g	-	cpe:2.3:h:dlink:dir-823g:-:::::::*

References

github.com/lonelylonglong/openfile-/blob/main/DIR-823G.md/CVE-2024-44408

github.com/lonelylonglong/openfile-/blob/main/DIR-823G.md/DIR-823G.md

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

6.8

Confidence

Low

EPSS

0.001

Percentile

34.9%

JSON

Related for CVE-2024-44408