A vulnerability classified as problematic has been found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. This affects an unknown part of the file /xml/info.xml of the component HTTP GET Request Handler. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
History

Fri, 08 Nov 2024 20:30:00 +0000

Type Values Removed Values Added
First Time appeared Dlink dns-320
Dlink dns-320lw
Dlink dns-325
Dlink dns-340l
Weaknesses NVD-CWE-Other
CPEs cpe:2.3:h:dlink:dns-320:-:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dns-320lw:-:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dns-325:-:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dns-340l:-:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dns-320_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dns-320lw_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dns-325_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dns-340l_firmware:*:*:*:*:*:*:*:*
Vendors & Products Dlink dns-320
Dlink dns-320lw
Dlink dns-325
Dlink dns-340l

Wed, 06 Nov 2024 17:15:00 +0000

Type Values Removed Values Added
First Time appeared Dlink
Dlink dns-320 Firmware
Dlink dns-320lw Firmware
Dlink dns-325 Firmware
Dlink dns-340l Firmware
CPEs cpe:2.3:o:dlink:dns-320_firmware:20241028:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dns-320lw_firmware:20241028:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dns-325_firmware:20241028:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dns-340l_firmware:20241028:*:*:*:*:*:*:*
Vendors & Products Dlink
Dlink dns-320 Firmware
Dlink dns-320lw Firmware
Dlink dns-325 Firmware
Dlink dns-340l Firmware
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 06 Nov 2024 16:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-266

Wed, 06 Nov 2024 15:15:00 +0000

Type Values Removed Values Added
Description A vulnerability classified as problematic has been found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. This affects an unknown part of the file /xml/info.xml of the component HTTP GET Request Handler. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Title D-Link DNS-320/DNS-320LW/DNS-325/DNS-340L HTTP GET Request info.xml information disclosure
Weaknesses CWE-200
CWE-266
CWE-284
References
Metrics cvssV2_0

{'score': 5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:N/A:N'}

cvssV3_0

{'score': 5.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}

cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2024-11-06T15:00:08.202Z

Updated: 2024-11-06T16:15:00.331Z

Reserved: 2024-11-06T07:07:58.999Z

Link: CVE-2024-10916

cve-icon Vulnrichment

Updated: 2024-11-06T16:14:45.689Z

cve-icon NVD

Status : Analyzed

Published: 2024-11-06T15:15:12.123

Modified: 2024-11-08T20:11:37.567

Link: CVE-2024-10916

cve-icon Redhat

No data.