
Multiple D-Link Products Vulnerabilities

Severity

High

Analysis Summary

CVE-2023-30309 CVSS:7.5

D-Link DI-7003GV2 routers are vulnerable to a denial of service, caused by a flaw in the NAT port preservation strategy and an insufficient reverse path validation strategy. By using side-channel attack techniques, a remote attacker could exploit this vulnerability to cause a denial of service condition.

CVE-2024-6044 CVSS:6.5

Multiple D-Link wireless routers could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing directory traversal sequences to read arbitrary system files.

CVE-2024-37630 CVSS:8.8

D-Link DIR-605L contains a hardcoded password vulnerability in /etc/passwd. A remote attacker could exploit this vulnerability to log in as root and gain administrator privileges.
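For teams reviewing firmware before deployment, this class of issue can be checked by auditing the passwd file of an unpacked image. The sketch below is an added example, not code from the advisory or from D-Link; it assumes the root filesystem has already been extracted, the function names are hypothetical, and the sample passwd content is constructed rather than taken from any D-Link image.

```python
# Added example: flag accounts in a firmware image's /etc/passwd that ship
# with a usable credential baked in (a stored hash or an empty password).

NOLOGIN_SHELLS = {"/bin/false", "/sbin/nologin", "/usr/sbin/nologin"}

# Constructed sample content; the hash value is a placeholder.
SAMPLE_PASSWD = """\
root:$1$CONSTRUCTED$0123456789abcdefghijkl:0:0:root:/root:/bin/sh
nobody:*:65534:65534:nobody:/var:/bin/false
admin::0:0:admin:/:/bin/sh
daemon:x:1:1:daemon:/usr/sbin:/bin/false
# comment line
broken-line-without-fields
"""

def classify_password_field(pw):
    """Return an issue name for a passwd password field, or None if benign."""
    if pw == "":
        return "empty-password"   # account may log in with no password
    if pw == "x":
        return None               # hash is in /etc/shadow (audit that file too)
    if pw[0] in "*!":
        return None               # account is locked
    return "embedded-hash"        # same credential on every device with this image

def audit_passwd(text):
    """Parse passwd-format text and return a list of findings."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            findings.append({"line": lineno, "user": None,
                             "issue": "malformed-entry", "severity": "info"})
            continue
        user, pw, uid, _gid, _gecos, _home, shell = fields
        issue = classify_password_field(pw)
        if issue is None:
            continue
        # UID 0 with an interactive shell is the root-login case in the advisory.
        root_login = uid == "0" and shell not in NOLOGIN_SHELLS
        findings.append({"line": lineno, "user": user, "issue": issue,
                         "severity": "high" if root_login else "medium"})
    return findings

if __name__ == "__main__":
    for finding in audit_passwd(SAMPLE_PASSWD):
        print(finding)
```
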

Impact

  • Denial of Service
  • Gain Access

Indicators of Compromise

CVE

  • CVE-2023-30309
  • CVE-2024-6044
  • CVE-2024-37630

Affected Vendors

D-Link

Affected Products

  • D-Link G403 earlier
  • D-Link G415 earlier
  • D-Link G416 earlier
  • D-Link M18 earlier
  • D-Link DI-7003GV2
  • D-Link DIR-605L 2.13B01

Remediation

Refer to the D-Link website for patch, upgrade, or suggested workaround information.

CVE-2023-30309

CVE-2024-6044

CVE-2024-37630