CVE-2023-41603

Published Jan 10, 2024

Last updated 6 months ago

CVSS medium 5.3

Overview

Description: D-Link R15 before v1.08.02 was discovered to contain no firewall restrictions for IPv6 traffic. This allows attackers to arbitrarily access any services running on the device that may be inadvertently listening via IPv6.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 5.3
Impact score: 1.4
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Severity: MEDIUM

Weaknesses

nvd@nist.gov: NVD-CWE-noinfo

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dlink:r15_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "24ABB518-FE4A-46AE-A501-AF3E41D6BB47",
            "versionEndIncluding": "1.08.02"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dlink:r15:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "714513B8-0676-46AF-82B2-4076F75BA17A"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References