We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Zendesk (Helpdesk and Chat)
Bugpilot (Bug tracking)

Ok

THREATINT CVE Home CVE Diag Help
PUBLISHED

CVE-2024-3274

D-Link DNS-320L/DNS-320LW/DNS-327L HTTP GET Request info.cgi information disclosure

Reserved:2024-04-03
Published:2024-04-04
Updated:2024-04-05

Description

EN DE

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in D-Link DNS-320L, DNS-320LW and DNS-327L up to 20240403 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/info.cgi of the component HTTP GET Request Handler. The manipulation leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259285 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.

In D-Link DNS-320L, DNS-320LW and DNS-327L bis 20240403 wurde eine Schwachstelle gefunden. Sie wurde als problematisch eingestuft. Es geht um eine nicht näher bekannte Funktion der Datei /cgi-bin/info.cgi der Komponente HTTP GET Request Handler. Durch Manipulation mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.



MEDIUM: 5.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
MEDIUM: 5.3CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.0AV:N/AC:L/Au:N/C:P/I:N/A:N (CVSS 2.0)

Problem types

CWE-200 Information Disclosure

Product status

20240403
affected

20240403
affected

20240403
affected

Timeline

2024-04-03:Advisory disclosed
2024-04-03:VulDB entry created
2024-04-05:VulDB entry last update

Credits

netsecfish (VulDB User) reporter

References

https://vuldb.com/?id.259285 (VDB-259285 | D-Link DNS-320L/DNS-320LW/DNS-327L HTTP GET Request info.cgi information disclosure) vdb-entry

https://vuldb.com/?ctiid.259285 (VDB-259285 | CTI Indicators (IOB, IOC, TTP, IOA)) signature permissions-required

https://vuldb.com/?submit.304706 (Submit #304706 | D-LINK DNS-327L, DNS-320L, DNS-320LW Version=1.02.0329.2013, Version=1.01.0914.2012, Version=1.01.0914.2012, Version=1.00.0409.2013 Exposure of Sensitive Information to an Unauthorized Actor) third-party-advisory

https://github.com/netsecfish/info_cgi exploit

https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10383 related

cve.org CVE-2024-3274

nvd.nist.gov CVE-2024-3274

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-3274