CVE-2024-10916

A vulnerability classified as problematic has been found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. This affects an unknown part of the file /xml/info.xml of the component HTTP GET Request Handler. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:dlink:dns-320_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dns-320:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:dlink:dns-320lw_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dns-320lw:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:dlink:dns-325_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dns-325:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:dlink:dns-340l_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dns-340l:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-11-06 15:15

Updated : 2024-11-08 20:11


NVD link : CVE-2024-10916

Mitre link : CVE-2024-10916

CVE.ORG link : CVE-2024-10916


JSON object : View

Products Affected

dlink

  • dns-320lw
  • dns-320lw_firmware
  • dns-320_firmware
  • dns-340l_firmware
  • dns-325_firmware
  • dns-340l
  • dns-320
  • dns-325
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

CWE-284

Improper Access Control

NVD-CWE-Other