8.1

CVE-2016-10125

Exploit

D-Link DGS-1100 devices with Rev.B firmware 1.01.018 have a hardcoded SSL private key, which allows man-in-the-middle attackers to spoof devices by hijacking an HTTPS session.

Data is provided by the National Vulnerability Database (NVD)
DlinkDgs-1100 Firmware Version1.01.018
   DlinkDgs-1100-05 Version-
   DlinkDgs-1100-05pd Version-
   DlinkDgs-1100-08 Version-
   DlinkDgs-1100-08p Version-
   DlinkDgs-1100-10mp Version-
   DlinkDgs-1100-10mpp Version-
   DlinkDgs-1100-16 Version-
   DlinkDgs-1100-18 Version-
   DlinkDgs-1100-24 Version-
   DlinkDgs-1100-24p Version-
   DlinkDgs-1100-26 Version-
   DlinkDgs-1100-26mp Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.77% 0.711
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 8.1 2.2 5.9
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-798 Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.