CVE-2020-13960
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
D-Link DSL 2730-U IN_1.10 and IN_1.11 and DIR-600M 3.04 devices have the domain.name string in the DNS resolver search path by default, which allows remote attackers to provide valid DNS responses (and also offer Internet services such as HTTP) for names that otherwise would have had an NXDOMAIN error, by registering a subdomain of the domain.name domain name.
Los dispositivos D-Link DSL 2730-U versiones IN_1.10 e IN_1.11 y DIR-600M versiones 3.04, poseen la cadena domain.name en la ruta de búsqueda de resolutor DNS por defecto, lo que permite a atacantes remotos proveer respuestas DNS válidas (y también ofrecer servicios de Internet tales como HTTP) para nombres que de otro modo habrían tenido un error NXDOMAIN, al registrar un subdominio del nombre de dominio domain.name
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-06-08 CVE Reserved
- 2020-06-08 CVE Published
- 2023-06-12 EPSS Updated
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|---|---|
https://harigovind.org/articles/who-is-hijacking-my-nxdomains | 2024-08-04 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Dlink Search vendor "Dlink" | Dsl-2730u Firmware Search vendor "Dlink" for product "Dsl-2730u Firmware" | in_1.10 Search vendor "Dlink" for product "Dsl-2730u Firmware" and version "in_1.10" | - |
Affected
| in | Dlink Search vendor "Dlink" | Dsl-2730u Search vendor "Dlink" for product "Dsl-2730u" | - | - |
Safe
|
Dlink Search vendor "Dlink" | Dir-600m Firmware Search vendor "Dlink" for product "Dir-600m Firmware" | 3.04 Search vendor "Dlink" for product "Dir-600m Firmware" and version "3.04" | - |
Affected
| in | Dlink Search vendor "Dlink" | Dir-600m Search vendor "Dlink" for product "Dir-600m" | - | - |
Safe
|