Information Disclosure Vulnerability in D-Link Network Attached Storage Products
CVE-2024-10916

5.3MEDIUM

Key Information:

Vendor: D-Link
Status: Dns-320 Firmware
Vendor: CVE Published:; 6 November 2024

Summary

A problematic vulnerability has been identified in various D-Link network attached storage (NAS) products. Specifically, it affects the HTTP GET Request Handler within the /xml/info.xml file, potentially enabling unauthorized users to access sensitive information. This vulnerability allows for remote exploitation and has already been disclosed publicly, raising concerns about the security of affected devices. Users are encouraged to review the impacted versions and implement necessary security measures.

References

https://vuldb.com/?id.283311

https://vuldb.com/?ctiid.283311

https://vuldb.com/?submit.432849

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 6, 2024