CVE-2020-9376

Опубликовано: 09 июл. 2020

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Критический

Описание

D-Link DIR-610 devices allow Information Disclosure via SERVICES=DEVICE.ACCOUNT%0AAUTHORIZED_GROUP=1 to getcfg.php. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

Ссылки

https://gist.github.com/GouveaHeitor/dcbb67b301cc45adc00f8a6a2a0a590f
Exploit
Patch
Third Party Advisory
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10182
Exploit
Vendor Advisory
https://www.dlink.com.br/produto/dir-610/
Product
Vendor Advisory
https://gist.github.com/GouveaHeitor/dcbb67b301cc45adc00f8a6a2a0a590f
Exploit
Patch
Third Party Advisory
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10182
Exploit
Vendor Advisory
https://www.dlink.com.br/produto/dir-610/
Product
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:dlink:dir-610_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dir-610:-:*:*:*:*:*:*:*

EPSS

Процентиль: 100%

0.92258

Критический

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-74

Связанные уязвимости

GHSA-2qxc-rcjp-37j2