CVE-2020-13136 - Vulnerability Details

Vendors	Products
Dlink	Dsp-w215 Dsp-w215 Firmware

Link	Providers
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10172

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "D-Link DSP-W215 1.26b03 devices send an obfuscated hash that can be retrieved and understood by a network sniffer."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-05-18T16:05:37", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10172"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-13136", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "D-Link DSP-W215 1.26b03 devices send an obfuscated hash that can be retrieved and understood by a network sniffer."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10172", "refsource": "MISC", "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10172"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T12:11:18.991Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10172"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-13136", "datePublished": "2020-05-18T16:05:37", "dateReserved": "2020-05-18T00:00:00", "dateUpdated": "2024-08-04T12:11:18.991Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : D-Link DSP-W215 1.26b03 devices send an obfuscated hash that can be retrieved and understood by a network sniffer. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2020-05-18T16:05:37 (string)

orgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

shortName : mitre (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10172 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : cve@mitre.org (string)

ID : CVE-2020-13136 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : D-Link DSP-W215 1.26b03 devices send an obfuscated hash that can be retrieved and understood by a network sniffer. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10172 (string)

refsource : MISC (string)

url : https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10172 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-04T12:11:18.991Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10172 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

assignerShortName : mitre (string)

cveId : CVE-2020-13136 (string)

datePublished : 2020-05-18T16:05:37 (string)

dateReserved : 2020-05-18T00:00:00 (string)

dateUpdated : 2024-08-04T12:11:18.991Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dlink:dsp-w215_firmware:1.26b03:*:*:*:*:*:*:*", "matchCriteriaId": "39D5BA37-9A52-4CDA-B6C7-C83E3CC5C620", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dlink:dsp-w215:a1:*:*:*:*:*:*:*", "matchCriteriaId": "8D58AF41-609E-4FA2-B1B4-15350076D767", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "D-Link DSP-W215 1.26b03 devices send an obfuscated hash that can be retrieved and understood by a network sniffer."}, {"lang": "es", "value": "Los dispositivos D-Link DSP-W215 versi\u00f3n1.26b03, env\u00edan un hash ofuscado que puede ser recuperado y comprendido por un esp\u00eda de red."}], "id": "CVE-2020-13136", "lastModified": "2024-11-21T05:00:44.020", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-05-18T17:15:10.803", "references": [{"source": "cve@mitre.org", "tags": ["Not Applicable"], "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10172"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Not Applicable"], "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10172"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:dlink:dsp-w215_firmware:1.26b03:*:*:*:*:*:*:* (string)

matchCriteriaId : 39D5BA37-9A52-4CDA-B6C7-C83E3CC5C620 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:dlink:dsp-w215:a1:*:*:*:*:*:*:* (string)

matchCriteriaId : 8D58AF41-609E-4FA2-B1B4-15350076D767 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : D-Link DSP-W215 1.26b03 devices send an obfuscated hash that can be retrieved and understood by a network sniffer. (string)

}

1 : { »

lang : es (string)

value : Los dispositivos D-Link DSP-W215 versión1.26b03, envían un hash ofuscado que puede ser recuperado y comprendido por un espía de red. (string)

}

]

id : CVE-2020-13136 (string)

lastModified : 2024-11-21T05:00:44.020 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : NONE (string)

baseScore : 5 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : NONE (string)

vectorString : AV:N/AC:L/Au:N/C:P/I:N/A:N (string)

version : 2.0 (string)

}

exploitabilityScore : 10 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : NONE (string)

baseScore : 7.5 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : NONE (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N (string)

version : 3.1 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 3.6 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2020-05-18T17:15:10.803 (string)

references : [ »

0 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Not Applicable (string)

]

url : https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10172 (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Not Applicable (string)

]

url : https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10172 (string)

}

]

sourceIdentifier : cve@mitre.org (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : NVD-CWE-noinfo (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object