D-Link DIR-859 1.06B01 HTTP POST Request /hedwig.cgi service path traversal
CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
---|---|---|
7.5 | $0-$5k | 0.06 |
A vulnerability was found in D-Link DIR-859 1.06B01 (Router Operating System). It has been rated as critical. Affected by this issue is some unknown functionality of the file /hedwig.cgi of the component HTTP POST Request Handler. Manipulating the argument `service` with the input value `../../../../htdocs/webinc/getcfg/DHCPS6.BRIDGE-1.xml` leads to a path traversal vulnerability, classified as CWE-22. The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. The impact is on confidentiality.
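The containment check that CWE-22 calls for, applied to the `service` value quoted above, as an added example that is not code from D-Link, VulDB or the advisory. `BASE_DIR`, the function names and every sample value other than the page's own string are constructed for illustration; the check is purely lexical and does not follow symlinks.

```python
import posixpath
from urllib.parse import unquote

# Placeholder for the directory a handler is meant to stay inside (assumption,
# not the real firmware layout).
BASE_DIR = "/example/base/services"


def fully_decode(value, max_rounds=5):
    """Percent-decode until stable so %2e%2e%2f and double encoding are exposed."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def resolve_service(value, base=BASE_DIR):
    """Return the normalized path of `value` under `base`, or None if it escapes."""
    name = fully_decode(value).replace("\\", "/")
    if not name or "\x00" in name or name.startswith("/"):
        return None
    candidate = posixpath.normpath(posixpath.join(base, name))
    # Lexical containment: the candidate must be strictly below the base.
    if candidate == base or posixpath.commonpath([base, candidate]) != base:
        return None
    return candidate


def flag_traversal(values, base=BASE_DIR):
    """Return the values a proxy or log review should flag as escaping `base`."""
    return [v for v in values if resolve_service(v, base) is None]


# Constructed samples, except the second, which is the string quoted on this page.
SAMPLES = [
    "EXAMPLE.SERVICE-1",
    "../../../../htdocs/webinc/getcfg/DHCPS6.BRIDGE-1.xml",
    "%2e%2e%2f%2e%2e%2fetc",
    "%252e%252e%252fx",
    "sub/../EXAMPLE.SERVICE-1",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r:60} -> {resolve_service(sample)}")
```

The same function can sit in front of an end-of-life device as a reverse-proxy filter or be run over captured request values during log review.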
The weakness was disclosed on 01/20/2024 by Françoa Taffarel (exord26) with Lab-C2DC-ITA. The advisory is available at github.com. This vulnerability is handled as CVE-2024-0769. Technical details as well as a public exploit are known. The MITRE ATT&CK project assigns this vulnerability to T1006.
The exploit is available at github.com. It is declared as proof-of-concept. As a 0-day, the estimated underground price was around $5k-$25k. The vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.
The best available mitigation is to disable the affected component. The advisory contains the following remark:
The DIR-859, all hardware revisions, have reached their End of Life ("EOL") /End of Service Life ("EOS") Life-Cycle. D-Link US recommends D-Link devices that have reached EOL/EOS, to be retired and replaced. Please contact your regional office for recommendations (LINK).
As a general policy, when products reach EOS/EOL, they can no longer be supported, and all firmware development for these products cease. Please read information and recommendations below.
Entries connected to this vulnerability are available at VDB-256919, VDB-257977, VDB-257978 and VDB-258600.
Product
Support: end of life
CVSSv3
VulDB Meta Base Score: 7.6
VulDB Meta Temp Score: 7.5
VulDB Base Score: 5.3
VulDB Temp Score: 5.0
Researcher Base Score: 10.0
NVD Base Score: 9.8
CNA Base Score: 5.3
Exploiting
Class: Path traversal
CWE: CWE-22
Local: No
Remote: Yes
Access: Public
Status: Proof-of-Concept
Countermeasures
Recommended: Disable
Timeline
01/20/2024 Advisory disclosed
01/20/2024 CVE reserved
01/20/2024 VulDB entry created
02/15/2024 VulDB entry last update
Sources
Vendor: dlink.com
Advisory: github.com
Researcher: Françoa Taffarel (exord26)
Organization: Lab-C2DC-ITA
Status: Confirmed
CVE: CVE-2024-0769
scip Labs: https://www.scip.ch/en/?labs.20161013
Entry
Created: 01/20/2024 16:18
Updated: 02/15/2024 22:59
Changes: 01/20/2024 16:18 (47), 01/20/2024 16:19 (1), 01/20/2024 22:39 (5), 01/20/2024 23:03 (1), 02/03/2024 11:51 (21), 02/15/2024 22:48 (6), 02/15/2024 22:59 (19)
Submitter: francoa.taffarel
Committer: francoa.taffarel
Submit
Accepted
- Submit #267965: D-LINK DIR-859 RevA_FW_Patch_v1.06B01 Improper Input Validation, Improper Privilege Management (by francoa.taffarel)