CVE-2024-10916

5.3MEDIUM

Key Information

Vendor: D-Link
Status: Dns-320 Firmware
Vendor: CVE Published:; 6 November 2024

Summary

A vulnerability classified as problematic has been found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. This affects an unknown part of the file /xml/info.xml of the component HTTP GET Request Handler. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Refferences

https://vuldb.com/?id.283311

https://vuldb.com/?ctiid.283311

https://vuldb.com/?submit.432849

https://netsecfish.notion.site/Information-Disclosure-Vul...

https://www.dlink.com/

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 6, 2024

Collectors

NVD Database