CVE-2023-41603

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-41603
D-Link R15 before v1.08.02 was discovered to contain no firewall restrictions for IPv6 traffic. This allows attackers to arbitrarily access any services running on the device that may be inadvertently listening via IPv6.

5.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10347 Patch Vendor Advisory
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10347 Patch Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:dlink:r15_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:r15:-:*:*:*:*:*:*:*
History

21 Nov 2024, 08:21

Type Values Removed Values Added
References () https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10347 - Patch, Vendor Advisory () https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10347 - Patch, Vendor Advisory

12 Jan 2024, 19:13

Type Values Removed Values Added
CWE NVD-CWE-noinfo
First Time Dlink r15
Dlink
Dlink r15 Firmware
References () https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10347 - () https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10347 - Patch, Vendor Advisory
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 5.3
CPE cpe:2.3:o:dlink:r15_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:r15:-:*:*:*:*:*:*:*

10 Jan 2024, 13:56

Type Values Removed Values Added
Summary
  • (es) Se descubrió que D-Link R15 anterior a v1.08.02 no contenía restricciones de firewall para el tráfico IPv6. Esto permite a los atacantes acceder arbitrariamente a cualquier servicio que se ejecute en el dispositivo y que pueda estar escuchando inadvertidamente a través de IPv6.

10 Jan 2024, 08:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-01-10 08:15

Updated : 2024-11-21 08:21

NVD link : CVE-2023-41603

Mitre link : CVE-2023-41603

CVE.ORG link : CVE-2023-41603

JSON object : View

Products Affected

dlink

  • r15_firmware
  • r15
CWE
NVD-CWE-noinfo