A vulnerability has been found in D-Link DIR-618 and DIR-605L 2.02/3.02 and classified as problematic. Affected by this vulnerability is an…
VulDB·CWE-266·Published 2025-03-20
In D-Link DIR-618 and DIR-605L 2.02/3.02 wurde eine Schwachstelle gefunden. Sie wurde als problematisch eingestuft. Dabei geht es um eine nicht genauer bekannte Funktion der Datei /goform/formSetPassword. Mittels Manipulieren mit unbekannten Daten kann eine improper access controls-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei im lokalen Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.
A vulnerability has been found in D-Link DIR-618 and DIR-605L 2.02/3.02 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /goform/formSetPassword. The manipulation leads to improper access controls. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
A vulnerability has been found in D-Link DIR-618 and DIR-605L 2.02/3.02 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /goform/formSetPassword. The manipulation leads to improper access controls. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Se ha detectado una vulnerabilidad en D-Link DIR-618 y DIR-605L 2.02/3.02, clasificada como problemática. Esta vulnerabilidad afecta a una funcionalidad desconocida del archivo /goform/formSetPassword. La manipulación genera controles de acceso inadecuados. El ataque debe realizarse dentro de la red local. Se ha hecho público el exploit y puede que sea utilizado. Esta vulnerabilidad solo afecta a los productos que ya no reciben soporte del fabricante.
| Version | Type | Source | Base | Exp | Impact | Vector |
|---|---|---|---|---|---|---|
| 2.0 | Primary | cve.org | 3.3 | — | — | AV:A/AC:L/Au:N/C:N/I:P/A:N |
| 2.0 | Primary | cve.org | 3.3 | — | — | AV:A/AC:L/Au:N/C:N/I:P/A:N |
| 2.0 | Secondary | NVD | 3.3 | 6.5 | 2.9 | AV:A/AC:L/Au:N/C:N/I:P/A:N |
| 3.0 | Primary | cve.org | 4.3 | — | — | CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
| 3.0 | Primary | cve.org | 4.3 | — | — | CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
| 3.1 | Primary | NVD | 8.8 | 2.8 | 5.9 | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| 3.1 | Primary | cve.org | 4.3 | — | — | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
| 3.1 | Primary | cve.org | 4.3 | — | — | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
| 3.1 | Secondary | NVD | 4.3 | 2.8 | 1.4 | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
| 4.0 | Primary | cve.org | 5.3 | — | — | CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
| 4.0 | Primary | cve.org | 5.3 | — | — | CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
| 4.0 | Secondary | NVD | 5.3 | — | — | CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |