7.5
CVE-2020-13960
- EPSS 0.43%
- Veröffentlicht 08.06.2020 20:15:11
- Zuletzt bearbeitet 21.11.2024 05:02:14
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginD-Link DSL 2730-U IN_1.10 and IN_1.11 and DIR-600M 3.04 devices have the domain.name string in the DNS resolver search path by default, which allows remote attackers to provide valid DNS responses (and also offer Internet services such as HTTP) for names that otherwise would have had an NXDOMAIN error, by registering a subdomain of the domain.name domain name.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Dlink ≫ Dsl-2730u Firmware Versionin_1.10
Dlink ≫ Dir-600m Firmware Version3.04
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.43% | 0.595 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:P/A:N
|