CVSS: 5.3EPSS: 0%CPEs: 88EXPL: 1CVE-2024-0717 – D-Link Good Line Router v2 HTTP GET Request devinfo information disclosure
https://notcve.org/view.php?id=CVE-2024-0717
A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S, DIR-843, DIR-853, DIR-878, DIR-882, DIR-1210, DIR-1260, DIR-2150, DIR-X1530, DIR-X1860, DSL-224, DSL-245GR, DSL-2640U, DSL-2750U, DSL-G2452GR, DVG-5402G, DVG-5402G, DVG-5402GFRU, DVG-N5402G, DVG-N5402G-IL, DWM-312W, DWM-321, DWR-921, DWR-953 and Good Line Router v2 up to 20240112. This vulnerability affects unknown code of the file /devinfo of the component HTTP GET Request Handler. The manipulation of the argument area with the input notice|net|version leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/999zzzzz/D-Link https://vuldb.com/?ctiid.251542 https://vuldb.com/?id.251542 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 22%CPEs: 8EXPL: 0CVE-2021-42627
https://notcve.org/view.php?id=CVE-2021-42627
The WAN configuration page "wan.htm" on D-Link DIR-615 devices with firmware 20.06 can be accessed directly without authentication which can lead to disclose the information about WAN settings and also leverage attacker to modify the data fields of page. La página de configuración de la WAN "wan.htm" en los dispositivos D-Link DIR-615 con el firmware versión 20.06, puede ser accedida directamente sin autenticación lo que puede conllevar a divulgar la información sobre la configuración de la WAN y también aprovechar el atacante para modificar los campos de datos de la página. • http://d-link.com http://dlink.com https://github.com/sanjokkarki/D-Link-DIR-615/blob/main/CVE-2021-42627 https://www.dlink.com/en/security-bulletin •
CVSS: 8.2EPSS: 0%CPEs: 3EXPL: 0CVE-2019-17353
https://notcve.org/view.php?id=CVE-2019-17353
An issue discovered on D-Link DIR-615 devices with firmware version 20.05 and 20.07. wan.htm can be accessed directly without authentication, which can lead to disclosure of information about the WAN, and can also be leveraged by an attacker to modify the data fields of the page. Se detectó un problema en los dispositivos D-Link DIR-615 con la versión de firmware 20.05 y 20.07. La página wan.htm puede ser accedida directamente sin autenticación, lo que puede conllevar a la divulgación de información sobre la WAN, y también puede ser aprovechada por un atacante para modificar los campos de datos de la página. • https://github.com/d0x0/D-Link-DIR-615/blob/master/CVE-2019-17353 https://us.dlink.com/en/security-advisory https://www.dlink.com/en/security-bulletin https://www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgment_7-2-19.pdf • CWE-306: Missing Authentication for Critical Function •