Lucene search

[email protected]NVD:CVE-2024-40505

HistoryJul 16, 2024 - 8:15 p.m.

CVE-2024-40505

2024-07-1620:15:03

CWE-35

[email protected]

web.nvd.nist.gov

directory traversal

d-link dap-1650

firmware v.1.03

privilege escalation

hedwig.cgi

CVSS3

9.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

EPSS

Percentile

9.3%

JSON

UNSUPPORTED WHEN ASSIGNED Directory Traversal vulnerability in D-Link DAP-1650 Firmware v.1.03 allows a local attacker to escalate privileges via the hedwig.cgi component.

References

coldwx.github.io/CVE-2024-40505.html

supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10266

CVSS3

9.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

EPSS

Percentile

9.3%

JSON

Related for NVD:CVE-2024-40505

vulnrichment1 openvas1 cvelist1 cve1