CVE-2016-10125

Published Jan 9, 2017

Last updated 2 years ago

CVSS high 8.1

Overview

Description: D-Link DGS-1100 devices with Rev.B firmware 1.01.018 have a hardcoded SSL private key, which allows man-in-the-middle attackers to spoof devices by hijacking an HTTPS session.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 3.0

Type: Primary
Base score: 8.1
Impact score: 5.9
Exploitability score: 2.2
Vector string: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 6.8
Impact score: 6.4
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-798

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dlink:dgs-1100_firmware:1.01.018:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8878D9ED-A1FE-4FF7-A4AE-40CA63DF411B"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dlink:dgs-1100-05:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F8A46336-7A22-4849-BCBD-0457CEB70420"
          },
          {
            "criteria": "cpe:2.3:h:dlink:dgs-1100-05pd:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "EFA786B3-3F0C-41A8-9BF8-E879FA238F6D"
          },
          {
            "criteria": "cpe:2.3:h:dlink:dgs-1100-08:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A4F42B5B-662A-45EC-99F7-990BBF927529"
          },
          {
            "criteria": "cpe:2.3:h:dlink:dgs-1100-08p:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "CA7B8863-079A-4F54-BE19-5D5F895E0397"
          },
          {
            "criteria": "cpe:2.3:h:dlink:dgs-1100-10mp:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F53666CD-7C80-4CD4-9AA4-532E6FCD60CF"
          },
          {
            "criteria": "cpe:2.3:h:dlink:dgs-1100-10mpp:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2ADF4869-26A4-41FA-B8AC-DA95BD3DCD1C"
          },
          {
            "criteria": "cpe:2.3:h:dlink:dgs-1100-16:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "07183F0E-BED2-421B-A703-12231E949AD4"
          },
          {
            "criteria": "cpe:2.3:h:dlink:dgs-1100-18:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "8D2FF910-1EFC-4801-8CC6-4F42BC2B176A"
          },
          {
            "criteria": "cpe:2.3:h:dlink:dgs-1100-24:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "0FE6D96A-17B8-403C-B9BD-B2F893C7DA5E"
          },
          {
            "criteria": "cpe:2.3:h:dlink:dgs-1100-24p:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A6D31154-02C8-4408-9107-F8831DCCF2A1"
          },
          {
            "criteria": "cpe:2.3:h:dlink:dgs-1100-26:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "97818965-F8EE-4196-AF80-A2CB229EBBC3"
          },
          {
            "criteria": "cpe:2.3:h:dlink:dgs-1100-26mp:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "50AABE34-A38B-46EC-BD4E-94FC58EFCA88"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References