// For flags

CVE-2020-13960

 

Severity Score

7.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

D-Link DSL 2730-U IN_1.10 and IN_1.11 and DIR-600M 3.04 devices have the domain.name string in the DNS resolver search path by default, which allows remote attackers to provide valid DNS responses (and also offer Internet services such as HTTP) for names that otherwise would have had an NXDOMAIN error, by registering a subdomain of the domain.name domain name.

Los dispositivos D-Link DSL 2730-U versiones IN_1.10 e IN_1.11 y DIR-600M versiones 3.04, poseen la cadena domain.name en la ruta de búsqueda de resolutor DNS por defecto, lo que permite a atacantes remotos proveer respuestas DNS válidas (y también ofrecer servicios de Internet tales como HTTP) para nombres que de otro modo habrían tenido un error NXDOMAIN, al registrar un subdominio del nombre de dominio domain.name

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2020-06-08 CVE Reserved
  • 2020-06-08 CVE Published
  • 2023-06-12 EPSS Updated
  • 2024-08-04 CVE Updated
  • 2024-08-04 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
CAPEC
References (1)
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Dlink
Search vendor "Dlink"
Dsl-2730u Firmware
Search vendor "Dlink" for product "Dsl-2730u Firmware"
in_1.10
Search vendor "Dlink" for product "Dsl-2730u Firmware" and version "in_1.10"
-
Affected
in Dlink
Search vendor "Dlink"
Dsl-2730u
Search vendor "Dlink" for product "Dsl-2730u"
--
Safe
Dlink
Search vendor "Dlink"
Dir-600m Firmware
Search vendor "Dlink" for product "Dir-600m Firmware"
3.04
Search vendor "Dlink" for product "Dir-600m Firmware" and version "3.04"
-
Affected
in Dlink
Search vendor "Dlink"
Dir-600m
Search vendor "Dlink" for product "Dir-600m"
--
Safe