CVE-2024-10916
MEDIUMD-Link DNS-320, DNS-320LW, DNS-325, and DNS-340L - Information Disclosure via /xml/info.xml
Title source: llmDescription
A vulnerability classified as problematic has been found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. This affects an unknown part of the file /xml/info.xml of the component HTTP GET Request Handler. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
References (5)
Core 5
Core References
Third Party Advisory vdb-entry
https://vuldb.com/?id.283311
Third Party Advisory signature
permissions-required
https://vuldb.com/?ctiid.283311
Third Party Advisory third-party-advisory
https://vuldb.com/?submit.432849
Exploit, Third Party Advisory exploit
https://netsecfish.notion.site/Information-Disclosure-Vulnerability-Report-in-xml-info-xml-for-D-Link-NAS-12d6b683e67c8019a311e699582f51b6?pvs=4
Product product
https://www.dlink.com/
Scores
CVSS v3
5.3
EPSS
0.0106
EPSS Percentile
77.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-284
CWE-200
Status
published
Products (4)
dlink/dns-320_firmware
dlink/dns-320lw_firmware
dlink/dns-325_firmware
dlink/dns-340l_firmware
Published
Nov 06, 2024
Tracked Since
Feb 18, 2026