Unrated severityNVD Advisory· Published Nov 6, 2024· Updated Nov 6, 2024

D-Link DNS-320/DNS-320LW/DNS-325/DNS-340L HTTP GET Request info.xml information disclosure

CVE-2024-10916

Description

A vulnerability classified as problematic has been found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. This affects an unknown part of the file /xml/info.xml of the component HTTP GET Request Handler. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Affected products

Dlink/DNS-320LWllm-create
Range: <=20241028
Dlink/DNS-325llm-create
Range: <=20241028
Dlink/DNS-320llm-fuzzy4 versions
<=20241028+ 3 more
- (no CPE)range: <=20241028
- (no CPE)range: 20241028
- (no CPE)range: 20241028
- (no CPE)range: 20241028
Dlink/DNS-340Lcpe-rescue
Range: 20241028

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

netsecfish.notion.site/Information-Disclosure-Vulnerability-Report-in-xml-info-xml-for-D-Link-NAS-12d6b683e67c8019a311e699582f51b6mitreexploit
vuldb.commitrethird-party-advisory
vuldb.commitresignaturepermissions-required
vuldb.commitrevdb-entry
www.dlink.commitreproduct

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000