Описание
D-Link DGS-1100 devices with Rev.B firmware 1.01.018 have a hardcoded SSL private key, which allows man-in-the-middle attackers to spoof devices by hijacking an HTTPS session.
Ссылки
- ExploitMitigationThird Party Advisory
- ExploitMitigationThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:dlink:dgs-1100_firmware:1.01.018:*:*:*:*:*:*:*
Одно из
cpe:2.3:h:dlink:dgs-1100-05:-:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dgs-1100-05pd:-:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dgs-1100-08:-:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dgs-1100-08p:-:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dgs-1100-10mp:-:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dgs-1100-10mpp:-:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dgs-1100-16:-:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dgs-1100-18:-:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dgs-1100-24:-:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dgs-1100-24p:-:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dgs-1100-26:-:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dgs-1100-26mp:-:*:*:*:*:*:*:*
EPSS
Процентиль: 73%
0.00767
Низкий
8.1 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-798
Связанные уязвимости
CVSS3: 8.1
github
больше 3 лет назад
D-Link DGS-1100 devices with Rev.B firmware 1.01.018 have a hardcoded SSL private key, which allows man-in-the-middle attackers to spoof devices by hijacking an HTTPS session.
EPSS
Процентиль: 73%
0.00767
Низкий
8.1 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-798