Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2023 Greenbone AGOPENVAS:1361412562310170477
HistoryMay 23, 2023 - 12:00 a.m.

D-Link Multiple DIR Devices Multiple Vulnerabilities (Sep 2022)

2023-05-2300:00:00
Copyright (C) 2023 Greenbone AG
plugins.openvas.org

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.971 High

EPSS

Percentile

99.8%

JSON

Multiple D-Link DIR devices are prone to multiple
vulnerabilities.

# SPDX-FileCopyrightText: 2023 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.170477");
  script_version("2023-11-21T05:05:52+0000");
  script_tag(name:"last_modification", value:"2023-11-21 05:05:52 +0000 (Tue, 21 Nov 2023)");
  script_tag(name:"creation_date", value:"2023-05-23 09:03:02 +0000 (Tue, 23 May 2023)");
  script_tag(name:"cvss_base", value:"10.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2022-05-26 02:55:00 +0000 (Thu, 26 May 2022)");

  script_tag(name:"qod_type", value:"remote_banner");

  script_tag(name:"solution_type", value:"WillNotFix");

  script_xref(name:"CISA", value:"Known Exploited Vulnerability (KEV) catalog");
  script_xref(name:"URL", value:"https://www.cisa.gov/known-exploited-vulnerabilities-catalog");
  script_cve_id("CVE-2015-2051", "CVE-2018-6530", "CVE-2022-26258", "CVE-2022-28958");

  script_name("D-Link Multiple DIR Devices Multiple Vulnerabilities (Sep 2022)");

  script_category(ACT_GATHER_INFO);

  script_copyright("Copyright (C) 2023 Greenbone AG");
  script_family("Web application abuses");
  script_dependencies("gb_dlink_dir_consolidation.nasl");
  script_mandatory_keys("d-link/dir/detected");

  script_tag(name:"summary", value:"Multiple D-Link DIR devices are prone to multiple
  vulnerabilities.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  script_tag(name:"insight", value:"The Mirai BotNet variant MooBot leverages several vulnerabilities
  to compromise D-Link devices.");

  script_tag(name:"affected", value:"D-Link DIR-300, DIR-600, DIR-601, DIR-629, DIR-645, DIR-815,
  DIR-816L, DIR-817Lx, DIR-818Lx, DIR-820Lx, DIR-825, DIR-850L, DIR-860L, DIR-865L, DIR-868L,
  DIR-880L, DIR-885L/R, DIR-890L/R and DIR-895L/R devices.");

  script_tag(name:"solution", value:"No solution was made available by the vendor. General solution
  options are to upgrade to a newer release, disable respective features, remove the product or
  replace the product by another one.

  Note: Vendor states that all models reached their End-of-Support Date, they are no longer
  supported, and firmware development has ceased. See vendor advisory for further recommendations.");

  script_xref(name:"URL", value:"https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10300");
  script_xref(name:"URL", value:"https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10302");
  script_xref(name:"URL", value:"https://unit42.paloaltonetworks.com/moobot-d-link-devices/");

  exit(0);
}

include("host_details.inc");
include("version_func.inc");

cpe_list = make_list( "cpe:/o:dlink:dir-300_firmware",
                      "cpe:/o:dlink:dir-600_firmware",
                      "cpe:/o:dlink:dir-601_firmware",
                      "cpe:/o:dlink:dir-629_firmware",
                      "cpe:/o:dlink:dir-645_firmware",
                      "cpe:/o:dlink:dir-815_firmware",
                      "cpe:/o:dlink:dir-816l_firmware",
                      "cpe:/o:dlink:dir-817lw_firmware",
                      "cpe:/o:dlink:dir-818lw_firmware",
                      "cpe:/o:dlink:dir-820l_firmware",
                      "cpe:/o:dlink:dir-820lw_firmware",
                      "cpe:/o:dlink:dir-825_firmware",
                      "cpe:/o:dlink:dir-850l_firmware",
                      "cpe:/o:dlink:dir-860l_firmware",
                      "cpe:/o:dlink:dir-865l_firmware",
                      "cpe:/o:dlink:dir-868l_firmware",
                      "cpe:/o:dlink:dir-880l_firmware",
                      "cpe:/o:dlink:dir-885l%2fr_firmware",
                      "cpe:/o:dlink:dir-890l%2fr_firmware",
                      "cpe:/o:dlink:dir-895l%2fr_firmware");

if ( ! infos = get_app_port_from_list( cpe_list:cpe_list ) )
  exit( 0 );

cpe = infos["cpe"];
port = infos["port"];

if ( ! version = get_app_version( cpe:cpe, nofork:TRUE ) )
  exit( 0 );

report = report_fixed_ver( installed_version:version, fixed_version:"None" );
security_message( port:port, data:report );
exit( 0 );

Related

thn 1
openvas 4
cve 5
attackerkb 5
prion 5
nessus 2
checkpoint_advisories 4
cisa_kev 3
zdt 1
nuclei 1
cisa 1
thn
thn
Mirai Variant MooBot Botnet Exploiting D-Link Router Vulnerabilities
2022-09-07 06:57:00
openvas
openvas
D-Link DAP-1522 Devices Multiple Vulnerabilities (Sep 2022)
2023-05-23 00:00:00
D-Link DIR-820L Devices RCE Vulnerability (Mar 2022)
2023-02-23 00:00:00
D-Link DIR Routers OS Command Injection Vulnerability (Mar 2018)
2018-03-21 00:00:00
cve
cve
CVE-2022-28958
2022-05-18 12:15:00
CVE-2015-2051
2015-02-23 17:59:00
CVE-2022-26258
2022-03-28 00:15:00
attackerkb
attackerkb
CVE-2022-28958
2022-10-03 00:00:00
CVE-2015-2051
2015-02-23 00:00:00
CVE-2022-26258
2022-03-28 00:00:00
prion
prion
Design/Logic Flaw
2022-05-18 12:15:00
Design/Logic Flaw
2015-02-23 17:59:00
Command injection
2022-03-28 00:15:00
nessus
nessus
D-Link Router HNAP GetDeviceSettings Remote Command Execution
2015-06-10 00:00:00
D-Link Routers Unauthenticated RCE (CVE-2022-26258)
2023-03-01 00:00:00
checkpoint_advisories
checkpoint_advisories
D-Link DIR-820L Command Injection (CVE-2022-26258)
2022-05-02 00:00:00
D-Link Multiple Products Command Injection (CVE-2018-6530)
2022-09-20 00:00:00
D-Link Multiple Products Remote Code Execution (CVE-2015-2051; CVE-2022-37056)
2018-10-03 00:00:00
cisa_kev
cisa_kev
D-Link DIR-645 Router Remote Code Execution Vulnerability
2022-02-10 00:00:00
D-Link Multiple Routers OS Command Injection Vulnerability
2022-09-08 00:00:00
D-Link DIR-820L Remote Code Execution Vulnerability
2022-09-08 00:00:00
zdt
zdt
D-Link Devices HNAP SOAPAction-Header Command Execution Exploit
2015-06-02 00:00:00
nuclei
nuclei
D-Link - Unauthenticated Remote Code Execution
2022-10-02 13:15:14
cisa
cisa
CISA Adds 15 Known Exploited Vulnerabilities to Catalog
2022-02-10 00:00:00

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.971 High

EPSS

Percentile

99.8%

JSON
Related for OPENVAS:1361412562310170477
thn1openvas4cve5attackerkb5prion5nessus2checkpoint_advisories4cisa_kev3zdt1nuclei1cisa1