CVE-2018-7859

Published Dec 30, 2019
Last updated 5 years ago
CVSS medium 6.1
Overview

Description: A security vulnerability in D-Link DGS-1510-series switches with firmware 1.20.011, 1.30.007, 1.31.B003 and older that may allow a remote attacker to inject malicious scripts in the device and execute commands via browser that is configuring the unit.
Source: cve@mitre.org
NVD status: Analyzed
Risk scores

CVSS 3.1

Type: Primary
Base score: 6.1
Impact score: 2.7
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Severity: MEDIUM
CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N
Weaknesses

nvd@nist.gov: CWE-79
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dlink:dgs-1510-20_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "403A5189-D47F-41BC-93D0-ECAA5F8CDAE0",
            "versionEndIncluding": "1.31.b003"
          },
          {
            "criteria": "cpe:2.3:o:dlink:dgs-1510-20_firmware:1.20.011:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "02782EAE-F154-4635-9A9E-A00EA35A6301"
          },
          {
            "criteria": "cpe:2.3:o:dlink:dgs-1510-20_firmware:1.30.007:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C711DB9A-7ADD-44F0-B0B8-7C86F414DBC0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dlink:dgs-1510-20:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "6F448DDD-2BE7-4A02-803B-B45A4C15BADB"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dlink:dgs-1510-28_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A7095B0D-50F5-4FD7-8CC0-0AD1D54EE249",
            "versionEndIncluding": "1.31.b003"
          },
          {
            "criteria": "cpe:2.3:o:dlink:dgs-1510-28_firmware:1.20.011:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AF5B3C6F-3037-4954-A576-A5FEBDDBC312"
          },
          {
            "criteria": "cpe:2.3:o:dlink:dgs-1510-28_firmware:1.30.007:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EF40BB1A-F941-43E2-8915-B3772342E8F2"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dlink:dgs-1510-28:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B9B3F335-BAD9-4845-9E8B-42073E23E449"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dlink:dgs-1510-28p_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "685F3D2F-ECEC-407F-8913-657BE6D26B45",
            "versionEndIncluding": "1.31.b003"
          },
          {
            "criteria": "cpe:2.3:o:dlink:dgs-1510-28p_firmware:1.20.011:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ADE77C21-EF97-4215-8F9D-55A8C881B415"
          },
          {
            "criteria": "cpe:2.3:o:dlink:dgs-1510-28p_firmware:1.30.007:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FA13B937-B3E6-4110-8FB1-D410369FB50D"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dlink:dgs-1510-28p:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "6335B6B7-D0BC-46B3-9550-F2A234C14F2A"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dlink:dgs-1510-28x_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A7AB9E2A-7FD8-47AE-AC72-863CD7913593",
            "versionEndIncluding": "1.31.b003"
          },
          {
            "criteria": "cpe:2.3:o:dlink:dgs-1510-28x_firmware:1.20.011:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8380EB5B-8DD9-4BED-8DC4-F075CB4EAF1E"
          },
          {
            "criteria": "cpe:2.3:o:dlink:dgs-1510-28x_firmware:1.30.007:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E290954A-15BC-40C1-85CC-FE26CB8D8226"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dlink:dgs-1510-28x:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "DC974C1E-169F-4745-A922-C6C2D79BE0CE"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dlink:dgs-1510-28xmp_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "13AE1622-A05C-4714-B4D7-C53634CFEA26",
            "versionEndIncluding": "1.31.b003"
          },
          {
            "criteria": "cpe:2.3:o:dlink:dgs-1510-28xmp_firmware:1.20.011:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "78A04B71-D4D2-4768-9CCB-277D20595971"
          },
          {
            "criteria": "cpe:2.3:o:dlink:dgs-1510-28xmp_firmware:1.30.007:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3CD1254F-962B-4588-93E0-8F4224C56984"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dlink:dgs-1510-28xmp:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F472265A-0683-4EC8-9C9D-ECF66E92574E"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dlink:dgs-1510-52x_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "212E9BEA-6A99-468C-8FE4-5D0E7FAC9231",
            "versionEndIncluding": "1.31.b003"
          },
          {
            "criteria": "cpe:2.3:o:dlink:dgs-1510-52x_firmware:1.20.011:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "89CB3846-B20E-4E40-9C14-467511B52D47"
          },
          {
            "criteria": "cpe:2.3:o:dlink:dgs-1510-52x_firmware:1.30.007:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F699792A-EE3A-4165-8F6B-0FFFC665ACC7"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dlink:dgs-1510-52x:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F1CE9A52-0041-487B-8EDB-98C1E570CF78"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dlink:dgs-1510-52xmp_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "253026D9-51E8-4EF2-A6FC-D50EA6775198",
            "versionEndIncluding": "1.31.b003"
          },
          {
            "criteria": "cpe:2.3:o:dlink:dgs-1510-52xmp_firmware:1.20.011:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C31580C9-B448-4473-859D-D55B4685F58B"
          },
          {
            "criteria": "cpe:2.3:o:dlink:dgs-1510-52xmp_firmware:1.30.007:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CBE82D2D-40D5-4816-9D00-6F7A9DD303E9"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dlink:dgs-1510-52xmp:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D4A3ED89-B8FB-4AF2-AD78-E252546DB6FB"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dlink:dgs-1510-52_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C1F90F6F-1E94-4F3A-B438-84653B0204DE",
            "versionEndIncluding": "1.31.b003"
          },
          {
            "criteria": "cpe:2.3:o:dlink:dgs-1510-52_firmware:1.20.011:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7D61E998-7EBA-4F5C-943B-4F43CDFFBC0C"
          },
          {
            "criteria": "cpe:2.3:o:dlink:dgs-1510-52_firmware:1.30.007:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5FDC4068-BF71-440B-8804-58D37EDEC75F"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dlink:dgs-1510-52:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A4664355-72DB-4F4B-B27B-633CA5175855"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]
Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References
