CVE-2024-8461

A vulnerability, which was classified as problematic, was found in D-Link DNS-320 2.02b01. This affects an unknown part of the file /cgi-bin/discovery.cgi of the component Web Management Interface. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:dlink:dns-320_firmware:2.02b01:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dns-320:-:*:*:*:*:*:*:*

History

12 Sep 2024, 17:17

Type Values Removed Values Added
CPE cpe:2.3:h:dlink:dns-320:-:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dns-320_firmware:2.02b01:*:*:*:*:*:*:*
Summary
  • (es) Se ha encontrado una vulnerabilidad clasificada como problemática en D-Link DNS-320 2.02b01. Afecta a una parte desconocida del archivo /cgi-bin/discovery.cgi del componente Web Management Interface. La manipulación conduce a la divulgación de información. Es posible iniciar el ataque de forma remota. La vulnerabilidad se ha divulgado al público y puede utilizarse. NOTA: Esta vulnerabilidad solo afecta a los productos que ya no reciben soporte del fabricante. Se contactó primeramente con el proveedor y confirmó que el producto ha llegado al final de su vida útil. Debería retirarse y reemplazarse.
First Time Dlink dns-320
Dlink
Dlink dns-320 Firmware
CWE NVD-CWE-noinfo
References () https://github.com/leetsun/IoT-Vuls/tree/main/Dlink-dns320/4 - () https://github.com/leetsun/IoT-Vuls/tree/main/Dlink-dns320/4 - Exploit, Third Party Advisory
References () https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10383 - () https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10383 - Not Applicable
References () https://vuldb.com/?ctiid.276627 - () https://vuldb.com/?ctiid.276627 - Permissions Required
References () https://vuldb.com/?id.276627 - () https://vuldb.com/?id.276627 - Third Party Advisory
References () https://vuldb.com/?submit.401300 - () https://vuldb.com/?submit.401300 - Third Party Advisory
References () https://www.dlink.com/ - () https://www.dlink.com/ - Product

05 Sep 2024, 13:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-05 13:15

Updated : 2024-09-12 17:17


NVD link : CVE-2024-8461

Mitre link : CVE-2024-8461

CVE.ORG link : CVE-2024-8461


JSON object : View

Products Affected

dlink

  • dns-320_firmware
  • dns-320
CWE
NVD-CWE-noinfo CWE-200

Exposure of Sensitive Information to an Unauthorized Actor