Metrics
Affected Vendors & Products
Fri, 08 Nov 2024 20:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Dlink dns-320
Dlink dns-320lw Dlink dns-325 Dlink dns-340l |
|
CPEs | cpe:2.3:h:dlink:dns-320:-:*:*:*:*:*:*:* cpe:2.3:h:dlink:dns-320lw:-:*:*:*:*:*:*:* cpe:2.3:h:dlink:dns-325:-:*:*:*:*:*:*:* cpe:2.3:h:dlink:dns-340l:-:*:*:*:*:*:*:* |
|
Vendors & Products |
Dlink dns-320
Dlink dns-320lw Dlink dns-325 Dlink dns-340l |
Wed, 06 Nov 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Dlink
Dlink dns-320 Firmware Dlink dns-320lw Firmware Dlink dns-325 Firmware Dlink dns-340l Firmware |
|
CPEs | cpe:2.3:o:dlink:dns-320_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:dlink:dns-320lw_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:dlink:dns-325_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:dlink:dns-340l_firmware:*:*:*:*:*:*:*:* |
|
Vendors & Products |
Dlink
Dlink dns-320 Firmware Dlink dns-320lw Firmware Dlink dns-325 Firmware Dlink dns-340l Firmware |
|
Metrics |
ssvc
|
Wed, 06 Nov 2024 14:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. It has been rated as critical. Affected by this issue is the function cgi_user_add of the file /cgi-bin/account_mgr.cgi?cmd=cgi_user_add. The manipulation of the argument group leads to os command injection. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. | |
Title | D-Link DNS-320/DNS-320LW/DNS-325/DNS-340L account_mgr.cgi cgi_user_add os command injection | |
Weaknesses | CWE-707 CWE-74 CWE-78 |
|
References |
| |
Metrics |
cvssV2_0
|
Status: PUBLISHED
Assigner: VulDB
Published: 2024-11-06T14:00:06.041Z
Updated: 2024-11-06T15:26:07.833Z
Reserved: 2024-11-06T07:07:56.135Z
Link: CVE-2024-10915
Updated: 2024-11-06T15:25:59.345Z
Status : Analyzed
Published: 2024-11-06T14:15:05.783
Modified: 2024-11-08T20:11:10.973
Link: CVE-2024-10915
No data.