Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

CVE-2024-0717

Disclosure Date: January 19, 2024 •

CVE-2024-0717 CVSS v3 Base Score: 5.3

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S, DIR-843, DIR-853, DIR-878, DIR-882, DIR-1210, DIR-1260, DIR-2150, DIR-X1530, DIR-X1860, DSL-224, DSL-245GR, DSL-2640U, DSL-2750U, DSL-G2452GR, DVG-5402G, DVG-5402G, DVG-5402GFRU, DVG-N5402G, DVG-N5402G-IL, DWM-312W, DWM-321, DWR-921, DWR-953 and Good Line Router v2 up to 20240112. This vulnerability affects unknown code of the file /devinfo of the component HTTP GET Request Handler. The manipulation of the argument area with the input notice|net|version leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-251542 is the identifier assigned to this vulnerability.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

5.3 Medium

Impact Score:

1.4

Exploitability Score:

3.9

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack Vector (AV):

Network

Attack Complexity (AC):

Low

Privileges Required (PR):

None

User Interaction (UI):

None

Scope (S):

Unchanged

Confidentiality (C):

Low

Integrity (I):

None

Availability (A):

None

General Information

Offensive Application

Unknown

Utility Class

Unknown

Ports

Unknown

Vulnerable Versions

DAP-1360 20240112

DIR-300 20240112

DIR-615 20240112

DIR-615GF 20240112

DIR-615S 20240112

DIR-615T 20240112

DIR-620 20240112

DIR-620S 20240112

DIR-806A 20240112

DIR-815 20240112

DIR-815AC 20240112

DIR-815S 20240112

DIR-816 20240112

DIR-820 20240112

DIR-822 20240112

DIR-825 20240112

DIR-825AC 20240112

DIR-825ACF 20240112

DIR-825ACG1 20240112

DIR-841 20240112

DIR-842 20240112

DIR-842S 20240112

DIR-843 20240112

DIR-853 20240112

DIR-878 20240112

DIR-882 20240112

DIR-1210 20240112

DIR-1260 20240112

DIR-2150 20240112

DIR-X1530 20240112

DIR-X1860 20240112

DSL-224 20240112

DSL-245GR 20240112

DSL-2640U 20240112

DSL-2750U 20240112

DSL-G2452GR 20240112

DVG-5402G 20240112

DVG-5402GFRU 20240112

DVG-N5402G 20240112

DVG-N5402G-IL 20240112

DWM-312W 20240112

DWM-321 20240112

DWR-921 20240112

DWR-953 20240112

Good Line Router v2 20240112

Prerequisites

Unknown

Discovered By

Unknown

PoC Author

Unknown

Metasploit Module

Unknown

Reporter

Unknown

Vendors

dlink

Products

References

Canonical

CVE-2024-0717 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0717)

Miscellaneous

https://vuldb.com/?id.251542

https://vuldb.com/?ctiid.251542

https://github.com/999zzzzz/D-Link

Rapid7

Unknown

CVE-2024-0717

Unknown

Unknown

None

None

Network

CVE-2024-0717

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

Unknown

CVE-2024-0717

Unknown

Unknown

None

None

Network

CVE-2024-0717

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

Quick Cookie Notification