Lucene search

INCDCVE-2024-38437

HistoryJul 21, 2024 - 8:15 a.m.

CVE-2024-38437

2024-07-2108:15:06

CWE-306

CWE-288

INCD

web.nvd.nist.gov

d-link

authentication bypass

alternate path

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.001

Percentile

37.0%

JSON

D-Link - CWE-288:Authentication Bypass Using an Alternate Path or Channel

Affected configurations

Nvd

Node

dlinkdsl-225_firmwareMatchbz_1.00.16

AND

dlinkdsl-225Match-

VendorProductVersionCPE
dlinkdsl-225_firmwarebz_1.00.16cpe:2.3:o:dlink:dsl-225_firmware:bz_1.00.16:*:*:*:*:*:*:*
dlinkdsl-225-cpe:2.3:h:dlink:dsl-225:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dlink	dsl-225_firmware	bz_1.00.16	cpe:2.3:o:dlink:dsl-225_firmware:bz_1.00.16:::::::*
dlink	dsl-225	-	cpe:2.3:h:dlink:dsl-225:-:::::::*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "DSL-225",
    "vendor": "D-Link",
    "versions": [
      {
        "status": "affected",
        "version": "version BZ_1.00.16",
        "versionType": "custom"
      }
    ]
  }
]

References

www.gov.il/en/Departments/faq/cve_advisories

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.001

Percentile

37.0%

JSON

Related for CVE-2024-38437