A vulnerability classified as problematic has been found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. This affects an unknown part of the file /xml/info.xml of the component HTTP GET Request Handler. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
References
Link | Resource |
---|---|
https://netsecfish.notion.site/Information-Disclosure-Vulnerability-Report-in-xml-info-xml-for-D-Link-NAS-12d6b683e67c8019a311e699582f51b6?pvs=4 | Exploit Third Party Advisory |
https://vuldb.com/?ctiid.283311 | Third Party Advisory |
https://vuldb.com/?id.283311 | Third Party Advisory |
https://vuldb.com/?submit.432849 | Third Party Advisory |
https://www.dlink.com/ | Product |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
History
08 Nov 2024, 20:11
Type | Values Removed | Values Added |
---|---|---|
CWE | NVD-CWE-Other | |
First Time |
Dlink dns-325 Firmware
Dlink dns-320lw Firmware Dlink dns-340l Dlink Dlink dns-320 Firmware Dlink dns-325 Dlink dns-320lw Dlink dns-320 Dlink dns-340l Firmware |
|
Summary |
|
|
CPE | cpe:2.3:o:dlink:dns-320_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:dlink:dns-320lw:-:*:*:*:*:*:*:* cpe:2.3:h:dlink:dns-340l:-:*:*:*:*:*:*:* cpe:2.3:o:dlink:dns-325_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:dlink:dns-320:-:*:*:*:*:*:*:* cpe:2.3:o:dlink:dns-340l_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:dlink:dns-320lw_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:dlink:dns-325:-:*:*:*:*:*:*:* |
|
References | () https://netsecfish.notion.site/Information-Disclosure-Vulnerability-Report-in-xml-info-xml-for-D-Link-NAS-12d6b683e67c8019a311e699582f51b6?pvs=4 - Exploit, Third Party Advisory | |
References | () https://vuldb.com/?ctiid.283311 - Third Party Advisory | |
References | () https://vuldb.com/?id.283311 - Third Party Advisory | |
References | () https://vuldb.com/?submit.432849 - Third Party Advisory | |
References | () https://www.dlink.com/ - Product |
06 Nov 2024, 16:15
Type | Values Removed | Values Added |
---|---|---|
CWE |
06 Nov 2024, 15:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-11-06 15:15
Updated : 2024-11-08 20:11
NVD link : CVE-2024-10916
Mitre link : CVE-2024-10916
CVE.ORG link : CVE-2024-10916
JSON object : View
Products Affected
dlink
- dns-340l
- dns-320
- dns-320lw_firmware
- dns-325_firmware
- dns-320lw
- dns-325
- dns-320_firmware
- dns-340l_firmware
CWE
NVD-CWE-Other
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE-284Improper Access Control