Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
vulnrichmentVulDBVULNRICHMENT:CVE-2024-3274
HistoryApr 04, 2024 - 1:31 a.m.

CVE-2024-3274 D-Link DNS-320L/DNS-320LW/DNS-327L HTTP GET Request info.cgi information disclosure

2024-04-0401:31:04
CWE-200
VulDB
github.com
1
vulnerability
d-link
information disclosure
http get request
remote attack
unsupported product
end-of-life
manipulation
vdb-259285
replace

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

6.5

Confidence

Low

SSVC

Exploitation

none

Automatable

yes

Technical Impact

partial

JSON

UNSUPPORTED WHEN ASSIGNED A vulnerability has been found in D-Link DNS-320L, DNS-320LW and DNS-327L up to 20240403 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/info.cgi of the component HTTP GET Request Handler. The manipulation leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259285 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:h:d-link:dns-320l:*:*:*:*:*:*:*:*"
    ],
    "vendor": "d-link",
    "product": "dns-320l",
    "versions": [
      {
        "status": "affected",
        "version": "20240403"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:h:d-link:dns-320lw:*:*:*:*:*:*:*:*"
    ],
    "vendor": "d-link",
    "product": "dns-320lw",
    "versions": [
      {
        "status": "affected",
        "version": "20240403"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:h:d-link:dns-327l:*:*:*:*:*:*:*:*"
    ],
    "vendor": "d-link",
    "product": "dns-327l",
    "versions": [
      {
        "status": "affected",
        "version": "20240403"
      }
    ],
    "defaultStatus": "unknown"
  }
]

Related

cve 1
nvd 1
nuclei 1
cvelist 1
openvas 1
cve
cve
CVE-2024-3274
2024-04-04 02:15:07
nvd
nvd
CVE-2024-3274
2024-04-04 02:15:07
nuclei
nuclei
D-LINK DNS-320L,DNS-320LW and DNS-327L - Information Disclosure
2024-06-18 05:41:12
cvelist
cvelist
CVE-2024-3274 D-Link DNS-320L/DNS-320LW/DNS-327L HTTP GET Request info.cgi information disclosure
2024-04-04 01:31:04
openvas
openvas
D-Link DNS/DNR Devices Multiple Vulnerabilities (SAP10383) - Active Check
2024-04-09 00:00:00

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

6.5

Confidence

Low

SSVC

Exploitation

none

Automatable

yes

Technical Impact

partial

JSON
Related for VULNRICHMENT:CVE-2024-3274
cve1nvd1nuclei1cvelist1openvas1