CVE-2016-10125 - OpenCVE

D-Link DGS-1100 devices with Rev.B firmware 1.01.018 have a hardcoded SSL private key, which allows man-in-the-middle attackers to spoof devices by hijacking an HTTPS session.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Dlink	Dgs-1100-05 Dgs-1100-05pd Dgs-1100-08 Dgs-1100-08p Dgs-1100-10mp Dgs-1100-10mpp Dgs-1100-16 Dgs-1100-18 Dgs-1100-24 Dgs-1100-24p Dgs-1100-26 Dgs-1100-26mp Dgs-1100 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:dlink:dgs-1100_firmware:1.01.018:*:*:*:*:*:*:*

OR	cpe:2.3:h:dlink:dgs-1100-05:-:::::::*
	cpe:2.3:h:dlink:dgs-1100-05pd:-:::::::*
	cpe:2.3:h:dlink:dgs-1100-08:-:::::::*
	cpe:2.3:h:dlink:dgs-1100-08p:-:::::::*
	cpe:2.3:h:dlink:dgs-1100-10mp:-:::::::*
	cpe:2.3:h:dlink:dgs-1100-10mpp:-:::::::*
	cpe:2.3:h:dlink:dgs-1100-16:-:::::::*
	cpe:2.3:h:dlink:dgs-1100-18:-:::::::*
	cpe:2.3:h:dlink:dgs-1100-24:-:::::::*
	cpe:2.3:h:dlink:dgs-1100-24p:-:::::::*
	cpe:2.3:h:dlink:dgs-1100-26:-:::::::*
	cpe:2.3:h:dlink:dgs-1100-26mp:-:::::::*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/95329
https://labs.integrity.pt/advisories/dlink-dgs-1100-hardcoded-keys/

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2017-01-09T17:00:00

Updated: 2024-08-06T03:14:41.321Z

Reserved: 2017-01-09T00:00:00

Link: CVE-2016-10125

Vulnrichment

No data.

NVD

Status : Modified

Published: 2017-01-09T17:59:00.130

Modified: 2023-04-26T19:27:52.350

Link: CVE-2016-10125

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-01-09T00:00:00", "descriptions": [{"lang": "en", "value": "D-Link DGS-1100 devices with Rev.B firmware 1.01.018 have a hardcoded SSL private key, which allows man-in-the-middle attackers to spoof devices by hijacking an HTTPS session."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-01-11T10:57:02", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://labs.integrity.pt/advisories/dlink-dgs-1100-hardcoded-keys/"}, {"name": "95329", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/95329"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10125", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "D-Link DGS-1100 devices with Rev.B firmware 1.01.018 have a hardcoded SSL private key, which allows man-in-the-middle attackers to spoof devices by hijacking an HTTPS session."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://labs.integrity.pt/advisories/dlink-dgs-1100-hardcoded-keys/", "refsource": "MISC", "url": "https://labs.integrity.pt/advisories/dlink-dgs-1100-hardcoded-keys/"}, {"name": "95329", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95329"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T03:14:41.321Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://labs.integrity.pt/advisories/dlink-dgs-1100-hardcoded-keys/"}, {"name": "95329", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/95329"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10125", "datePublished": "2017-01-09T17:00:00", "dateReserved": "2017-01-09T00:00:00", "dateUpdated": "2024-08-06T03:14:41.321Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dlink:dgs-1100_firmware:1.01.018:*:*:*:*:*:*:*", "matchCriteriaId": "8878D9ED-A1FE-4FF7-A4AE-40CA63DF411B", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dlink:dgs-1100-05:-:*:*:*:*:*:*:*", "matchCriteriaId": "F8A46336-7A22-4849-BCBD-0457CEB70420", "vulnerable": false}, {"criteria": "cpe:2.3:h:dlink:dgs-1100-05pd:-:*:*:*:*:*:*:*", "matchCriteriaId": "EFA786B3-3F0C-41A8-9BF8-E879FA238F6D", "vulnerable": false}, {"criteria": "cpe:2.3:h:dlink:dgs-1100-08:-:*:*:*:*:*:*:*", "matchCriteriaId": "A4F42B5B-662A-45EC-99F7-990BBF927529", "vulnerable": false}, {"criteria": "cpe:2.3:h:dlink:dgs-1100-08p:-:*:*:*:*:*:*:*", "matchCriteriaId": "CA7B8863-079A-4F54-BE19-5D5F895E0397", "vulnerable": false}, {"criteria": "cpe:2.3:h:dlink:dgs-1100-10mp:-:*:*:*:*:*:*:*", "matchCriteriaId": "F53666CD-7C80-4CD4-9AA4-532E6FCD60CF", "vulnerable": false}, {"criteria": "cpe:2.3:h:dlink:dgs-1100-10mpp:-:*:*:*:*:*:*:*", "matchCriteriaId": "2ADF4869-26A4-41FA-B8AC-DA95BD3DCD1C", "vulnerable": false}, {"criteria": "cpe:2.3:h:dlink:dgs-1100-16:-:*:*:*:*:*:*:*", "matchCriteriaId": "07183F0E-BED2-421B-A703-12231E949AD4", "vulnerable": false}, {"criteria": "cpe:2.3:h:dlink:dgs-1100-18:-:*:*:*:*:*:*:*", "matchCriteriaId": "8D2FF910-1EFC-4801-8CC6-4F42BC2B176A", "vulnerable": false}, {"criteria": "cpe:2.3:h:dlink:dgs-1100-24:-:*:*:*:*:*:*:*", "matchCriteriaId": "0FE6D96A-17B8-403C-B9BD-B2F893C7DA5E", "vulnerable": false}, {"criteria": "cpe:2.3:h:dlink:dgs-1100-24p:-:*:*:*:*:*:*:*", "matchCriteriaId": "A6D31154-02C8-4408-9107-F8831DCCF2A1", "vulnerable": false}, {"criteria": "cpe:2.3:h:dlink:dgs-1100-26:-:*:*:*:*:*:*:*", "matchCriteriaId": "97818965-F8EE-4196-AF80-A2CB229EBBC3", "vulnerable": false}, {"criteria": "cpe:2.3:h:dlink:dgs-1100-26mp:-:*:*:*:*:*:*:*", "matchCriteriaId": "50AABE34-A38B-46EC-BD4E-94FC58EFCA88", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "D-Link DGS-1100 devices with Rev.B firmware 1.01.018 have a hardcoded SSL private key, which allows man-in-the-middle attackers to spoof devices by hijacking an HTTPS session."}, {"lang": "es", "value": "Dispositivos D-Link DGS-1100 con firmware Rev.B 1.01.018 tiene una contrase\u00f1a privada SSL embebida, lo que permite a atacantes man-in-the-middle suplantar dispositivos secuestrando una sesi\u00f3n HTTPS."}], "id": "CVE-2016-10125", "lastModified": "2023-04-26T19:27:52.350", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-01-09T17:59:00.130", "references": [{"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/95329"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Mitigation", "Third Party Advisory"], "url": "https://labs.integrity.pt/advisories/dlink-dgs-1100-hardcoded-keys/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-798"}], "source": "nvd@nist.gov", "type": "Primary"}]}