PT-2021-6399 · D Link · D-Link Dir-X1860

Constantinos Kolias

Published

2021-09-01

Updated

2022-03-12

CVE-2021-46353

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions D-Link DIR-X1860 versions prior to 1.03 RevA1

Description The issue is related to an information disclosure in the web interface of the affected device. It allows a remote unauthenticated attacker to send a specially crafted HTTP request to gain knowledge of different absolute paths used by the web application. This is due to insufficient protection of service data.

Recommendations For D-Link DIR-X1860 versions prior to 1.03 RevA1, update to version 1.03 RevA1 or later to resolve the issue. As a temporary workaround, consider restricting access to the web interface to minimize the risk of exploitation.

Fix

Information Disclosure

Generation of Error Message Containing Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200CWE-209

Related Identifiers

BDU:2022-01482

CVE-2021-46353

Affected Products

D-Link Dir-X1860

PT-2021-6399 · D Link · D-Link Dir-X1860

CVE-2021-46353

Weakness Enumeration

Related Identifiers

Affected Products

References · 7