CVE-2023-41603

{"id": "CVE-2023-41603", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2024-01-10T08:15:37.740", "references": [{"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10347", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "D-Link R15 before v1.08.02 was discovered to contain no firewall restrictions for IPv6 traffic. This allows attackers to arbitrarily access any services running on the device that may be inadvertently listening via IPv6."}, {"lang": "es", "value": "Se descubri\u00f3 que D-Link R15 anterior a v1.08.02 no conten\u00eda restricciones de firewall para el tr\u00e1fico IPv6. Esto permite a los atacantes acceder arbitrariamente a cualquier servicio que se ejecute en el dispositivo y que pueda estar escuchando inadvertidamente a trav\u00e9s de IPv6."}], "lastModified": "2024-01-12T19:13:05.087", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dlink:r15_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "24ABB518-FE4A-46AE-A501-AF3E41D6BB47", "versionEndIncluding": "1.08.02"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dlink:r15:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "714513B8-0676-46AF-82B2-4076F75BA17A"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}