Lucene search

K
cvelistVulDBCVELIST:CVE-2024-3274
HistoryApr 04, 2024 - 1:31 a.m.

CVE-2024-3274 D-Link DNS-320L/DNS-320LW/DNS-327L HTTP GET Request info.cgi information disclosure

2024-04-0401:31:04
CWE-200
VulDB
www.cve.org
vulnerability
d-link
http
information disclosure
remote attack
end-of-life

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

6.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.5%

UNSUPPORTED WHEN ASSIGNED A vulnerability has been found in D-Link DNS-320L, DNS-320LW and DNS-327L up to 20240403 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/info.cgi of the component HTTP GET Request Handler. The manipulation leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259285 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.

CNA Affected

[
  {
    "vendor": "D-Link",
    "product": "DNS-320L",
    "versions": [
      {
        "version": "20240403",
        "status": "affected"
      }
    ],
    "modules": [
      "HTTP GET Request Handler"
    ]
  },
  {
    "vendor": "D-Link",
    "product": "DNS-320LW",
    "versions": [
      {
        "version": "20240403",
        "status": "affected"
      }
    ],
    "modules": [
      "HTTP GET Request Handler"
    ]
  },
  {
    "vendor": "D-Link",
    "product": "DNS-327L",
    "versions": [
      {
        "version": "20240403",
        "status": "affected"
      }
    ],
    "modules": [
      "HTTP GET Request Handler"
    ]
  }
]

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

6.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.5%

Related for CVELIST:CVE-2024-3274