Vulnerabilities > CVE-2024-10916 - Unspecified vulnerability in Dlink products

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

dlink

NVD

Published: 2024-11-06

Updated: 2024-11-08

Summary

A vulnerability classified as problematic has been found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. This affects an unknown part of the file /xml/info.xml of the component HTTP GET Request Handler. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Vulnerable Configurations

Part	Description	Count
OS	Dlink Dlink DNS 320 Firmware * Dlink DNS 320Lw Firmware * Dlink DNS 325 Firmware * Dlink DNS 340L Firmware *	4
Hardware	Dlink Dlink DNS 320 - Dlink DNS 320Lw - Dlink DNS 325 - Dlink DNS 340L -	4

References

https://vuldb.com/?id.283311
https://vuldb.com/?ctiid.283311
https://vuldb.com/?submit.432849
https://netsecfish.notion.site/Information-Disclosure-Vulnerability-Report-in-xml-info-xml-for-D-Link-NAS-12d6b683e67c8019a311e699582f51b6?pvs=4
https://www.dlink.com/