CVE-2024-0717

Public Exploit

D-Link Good Line Router v2 HTTP GET Request devinfo information disclosure

Description

A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S, DIR-843, DIR-853, DIR-878, DIR-882, DIR-1210, DIR-1260, DIR-2150, DIR-X1530, DIR-X1860, DSL-224, DSL-245GR, DSL-2640U, DSL-2750U, DSL-G2452GR, DVG-5402G, DVG-5402G, DVG-5402GFRU, DVG-N5402G, DVG-N5402G-IL, DWM-312W, DWM-321, DWR-921, DWR-953 and Good Line Router v2 up to 20240112. This vulnerability affects unknown code of the file /devinfo of the component HTTP GET Request Handler. The manipulation of the argument area with the input notice|net|version leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-251542 is the identifier assigned to this vulnerability.

References

Link	Tags
https://vuldb.com/?id.251542	third party advisory vdb entry technical description
https://vuldb.com/?ctiid.251542	signature third party advisory permissions required
https://github.com/999zzzzz/D-Link	third party advisory exploit

Frequently Asked Questions

What is the severity of CVE-2024-0717?: CVE-2024-0717 has been scored as a medium severity vulnerability.
How to fix CVE-2024-0717?: To fix CVE-2024-0717, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-0717 being actively exploited in the wild?: It is possible that CVE-2024-0717 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~21% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-0717?: CVE-2024-0717 affects D-Link DAP-1360, D-Link DIR-300, D-Link DIR-615, D-Link DIR-615GF, D-Link DIR-615S, D-Link DIR-615T, D-Link DIR-620, D-Link DIR-620S, D-Link DIR-806A, D-Link DIR-815, D-Link DIR-815AC, D-Link DIR-815S, D-Link DIR-816, D-Link DIR-820, D-Link DIR-822, D-Link DIR-825, D-Link DIR-825AC, D-Link DIR-825ACF, D-Link DIR-825ACG1, D-Link DIR-841, D-Link DIR-842, D-Link DIR-842S, D-Link DIR-843, D-Link DIR-853, D-Link DIR-878, D-Link DIR-882, D-Link DIR-1210, D-Link DIR-1260, D-Link DIR-2150, D-Link DIR-X1530, D-Link DIR-X1860, D-Link DSL-224, D-Link DSL-245GR, D-Link DSL-2640U, D-Link DSL-2750U, D-Link DSL-G2452GR, D-Link DVG-5402G, D-Link DVG-5402G, D-Link DVG-5402GFRU, D-Link DVG-N5402G, D-Link DVG-N5402G-IL, D-Link DWM-312W, D-Link DWM-321, D-Link DWR-921, D-Link DWR-953, D-Link Good Line Router v2.

Description

Category

CWE-200 – Exposure of Sensitive Information to an Unauthorized Actor

References

Frequently Asked Questions