CVE-2024-10916

A vulnerability classified as problematic has been found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. This affects an unknown part of the file /xml/info.xml of the component HTTP GET Request Handler. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:dlink:dns-320_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dns-320:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:dlink:dns-320lw_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dns-320lw:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:dlink:dns-325_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dns-325:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:dlink:dns-340l_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dns-340l:-:*:*:*:*:*:*:*

History

08 Nov 2024, 20:11

Type Values Removed Values Added
CWE NVD-CWE-Other
First Time Dlink dns-325 Firmware
Dlink dns-320lw Firmware
Dlink dns-340l
Dlink
Dlink dns-320 Firmware
Dlink dns-325
Dlink dns-320lw
Dlink dns-320
Dlink dns-340l Firmware
Summary
  • (es) Se ha detectado una vulnerabilidad clasificada como problemática en D-Link DNS-320, DNS-320LW, DNS-325 y DNS-340L hasta 20241028. Afecta a una parte desconocida del archivo /xml/info.xml del componente HTTP GET Request Handler. La manipulación conduce a la divulgación de información. Es posible iniciar el ataque de forma remota. El exploit se ha hecho público y puede utilizarse.
CPE cpe:2.3:o:dlink:dns-320_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dns-320lw:-:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dns-340l:-:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dns-325_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dns-320:-:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dns-340l_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dns-320lw_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dns-325:-:*:*:*:*:*:*:*
References () https://netsecfish.notion.site/Information-Disclosure-Vulnerability-Report-in-xml-info-xml-for-D-Link-NAS-12d6b683e67c8019a311e699582f51b6?pvs=4 - () https://netsecfish.notion.site/Information-Disclosure-Vulnerability-Report-in-xml-info-xml-for-D-Link-NAS-12d6b683e67c8019a311e699582f51b6?pvs=4 - Exploit, Third Party Advisory
References () https://vuldb.com/?ctiid.283311 - () https://vuldb.com/?ctiid.283311 - Third Party Advisory
References () https://vuldb.com/?id.283311 - () https://vuldb.com/?id.283311 - Third Party Advisory
References () https://vuldb.com/?submit.432849 - () https://vuldb.com/?submit.432849 - Third Party Advisory
References () https://www.dlink.com/ - () https://www.dlink.com/ - Product

06 Nov 2024, 16:15

Type Values Removed Values Added
CWE CWE-266

06 Nov 2024, 15:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-11-06 15:15

Updated : 2024-11-08 20:11


NVD link : CVE-2024-10916

Mitre link : CVE-2024-10916

CVE.ORG link : CVE-2024-10916


JSON object : View

Products Affected

dlink

  • dns-340l
  • dns-320
  • dns-320lw_firmware
  • dns-325_firmware
  • dns-320lw
  • dns-325
  • dns-320_firmware
  • dns-340l_firmware
CWE
NVD-CWE-Other CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

CWE-284

Improper Access Control