CVE-2020-13960 — Dlink Dir-600m Firmware vulnerability

3 documents3 sources

Severity

7.5HIGHNVD

EPSS

0.4%

top 37.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dlink Dir-600m Firmware Dlink Dsl-2730u Firmware

Timeline

PublishedJun 8

Latest updateMay 24

Description

D-Link DSL 2730-U IN_1.10 and IN_1.11 and DIR-600M 3.04 devices have the domain.name string in the DNS resolver search path by default, which allows remote attackers to provide valid DNS responses (and also offer Internet services such as HTTP) for names that otherwise would have had an NXDOMAIN error, by registering a subdomain of the domain.name domain name.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDdlink/dir-600m_firmware3.04

▶NVDdlink/dsl-2730u_firmwarein_1.10

🔴Vulnerability Details

GHSA

GHSA-7w9r-cjjc-pxw2: D-Link DSL 2730-U IN_1↗2022-05-24

▶

CVEList

CVE-2020-13960: D-Link DSL 2730-U IN_1↗2020-06-08

▶