Lucene search
K

DLink DIR-859 1.05 & 1.06B01 Path Traversal

🗓️ 03 Jul 2025 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 9 Views

DLink DIR-859 versions prior to 1.07b03 have a critical path traversal vulnerability identified as CVE-2024-0769

Related
Refs
Code
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(241294);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/07/04");

  script_cve_id("CVE-2024-0769");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2025/07/16");

  script_name(english:"DLink DIR-859 1.05 & 1.06B01 Path Traversal");

  script_set_attribute(attribute:"synopsis", value:
"A web application is affected by a path traversal vulnerability.");
  script_set_attribute(attribute:"description", value:
"The version of DLink installed on the remote host is prior to 1.07b03. It is, therefore, affected by  
a path traversal vulnerability as referenced in the vendor advisory.  

  - A vulnerability was found in D-Link DIR-859 1.06B01. It has been rated as critical. Affected by this 
    issue is some unknown functionality of the file /hedwig.cgi of the component HTTP POST Request Handler. 
    The manipulation of the argument service with the input ../../../../htdocs/webinc/getcfg/
    DHCPS6.BRIDGE-1.xml leads to path traversal. The attack may be launched remotely. The exploit has been 
    disclosed to the public and may be used. VDB-251666 is the identifier assigned to this vulnerability. 
    NOTE: This vulnerability only affects products that are no longer supported by the maintainer. 
    NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should 
    be retired and replaced. (CVE-2024-0769)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  # https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10371
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?3cd2c718");
  # https://github.com/c2dc/cve-reported/blob/main/CVE-2024-0769/CVE-2024-0769.md
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?3f1b180c");
  script_set_attribute(attribute:"solution", value:
"See vendor advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-0769");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/01/15");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/01/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/07/03");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:dlink:dir");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Web Servers");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("dlink_dir_www_detect.nbin");
  script_require_keys("installed_sw/DLink DIR");

  exit(0);
}

include('vcf.inc');
include('vcf_extras.inc');

var app_info = vcf::combined_get_app_info(app:'DLink DIR'); 
var constraints = [
  { 'DIR-859': 
    {'constraints': [
        {'equal' : '1.06B01', 'fixed_display' : 'See vendor advisory'}
      ]
    }
  }
];

var tmp = NULL;
if(!empty_or_null(app_info.model))
{
  for (var i=0; i<max_index(constraints); i++)
  {
    tmp = constraints[i][app_info.model]['constraints'];

    if (!empty_or_null(tmp))
      vcf::check_version_and_report(app_info:app_info, constraints:tmp, severity:SECURITY_HOLE);
    else vcf::audit();
  }
}
else exit(0, 'DLink DIR device model not detected');

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Jul 2025 00:00Current
6.6Medium risk
Vulners AI Score6.6
CVSS 3.15.3 - 9.8
CVSS 25
CVSS 35.3
EPSS0.82714
SSVC
9