A vulnerability classified as problematic has been found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. This affects an unknown part of the file /xml/info.xml of the component HTTP GET Request Handler. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
References
Link | Resource |
---|---|
https://netsecfish.notion.site/Information-Disclosure-Vulnerability-Report-in-xml-info-xml-for-D-Link-NAS-12d6b683e67c8019a311e699582f51b6?pvs=4 | Exploit Third Party Advisory |
https://vuldb.com/?ctiid.283311 | Third Party Advisory |
https://vuldb.com/?id.283311 | Third Party Advisory |
https://vuldb.com/?submit.432849 | Third Party Advisory |
https://www.dlink.com/ | Product |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
History
No history.
Information
Published : 2024-11-06 15:15
Updated : 2024-11-08 20:11
NVD link : CVE-2024-10916
Mitre link : CVE-2024-10916
CVE.ORG link : CVE-2024-10916
JSON object : View
Products Affected
dlink
- dns-320lw
- dns-320lw_firmware
- dns-320_firmware
- dns-340l_firmware
- dns-325_firmware
- dns-340l
- dns-320
- dns-325
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE-284Improper Access Control
NVD-CWE-Other