CVE-2023-6580

CWE-502Deserialization of Untrusted Data3 documents3 sources
Severity
8.8HIGH
EPSS
0.5%
top 33.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
D-link Dir-846Dlink Dir-846 Firmware
Timeline
PublishedDec 7
Latest updateDec 8

Description

A vulnerability, which was classified as critical, was found in D-Link DIR-846 FW100A53DBR. This affects an unknown part of the file /HNAP1/ of the component QoS POST Handler. The manipulation of the argument smartqos_express_devices/smartqos_normal_devices leads to deserialization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247161 was assigned to this vulnerability. NOTE: The vendor was contacted early about t

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5d-link/dir-846FW100A53DBR
NVDdlink/dir-846_firmware100a53dbr

🔴Vulnerability Details

2
GHSA
GHSA-r2mg-8788-h74v: A vulnerability, which was classified as critical, was found in D-Link DIR-846 FW100A53DBR2023-12-08
CVEList
D-Link DIR-846 QoS POST deserialization2023-12-07
CVE-2023-6580 (HIGH CVSS 8.8) | A vulnerability | cvebase.io