CVE-2020-13960

Опубликовано: 08 июн. 2020

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

D-Link DSL 2730-U IN_1.10 and IN_1.11 and DIR-600M 3.04 devices have the domain.name string in the DNS resolver search path by default, which allows remote attackers to provide valid DNS responses (and also offer Internet services such as HTTP) for names that otherwise would have had an NXDOMAIN error, by registering a subdomain of the domain.name domain name.

Ссылки

https://harigovind.org/articles/who-is-hijacking-my-nxdomains/
Exploit
Third Party Advisory
https://harigovind.org/articles/who-is-hijacking-my-nxdomains/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:dlink:dsl-2730u_firmware:in_1.10:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dsl-2730u:-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

cpe:2.3:o:dlink:dir-600m_firmware:3.04:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dir-600m:-:*:*:*:*:*:*:*

EPSS

Процентиль: 62%

0.00429

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-7w9r-cjjc-pxw2

github

больше 3 лет назад