CVE-2024-36755

MEDIUM

D-Link DIR-1950 <v1.11B03 - Info Disclosure

Title source: llm

Description

D-Link DIR-1950 up to v1.11B03 does not validate SSL certificates when requesting the latest firmware version and downloading URL. This can allow attackers to downgrade the firmware version or change the downloading URL via a man-in-the-middle attack.

References (1)

Core 1

Core References

Vendor Advisory

https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10401

Scores

CVSS v3 6.8

EPSS 0.0012

EPSS Percentile 31.0%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-599

Status published

Products (1)

dlink/dir-1950_firmware < 1.11b03

Published Jun 27, 2024

Tracked Since Feb 18, 2026