D-Link DIR-1950 up to v1.11B03 does not validate SSL certificates when requesting the latest firmware version and download URL. This can allow attackers to downgrade the firmware version or change the download URL via a man-in-the-middle attack.
References
Link | Resource |
---|---|
https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10401 | Vendor Advisory |
History
09 Jul 2025, 18:29
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:dlink:dir-1950_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:dlink:dir-1950:-:*:*:*:*:*:*:* |
First Time | Dlink dir-1950 Firmware Dlink dir-1950 Dlink |
References | () https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10401 - Vendor Advisory |
21 Nov 2024, 09:22
Type | Values Removed | Values Added |
---|---|---|
References | () https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10401 - |
01 Aug 2024, 13:53
Type | Values Removed | Values Added |
---|---|---|
CVSS | v2 : v3 : | v2 : unknown v3 : 6.8 |
CWE | CWE-599 | |
Summary | | |
27 Jun 2024, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-06-27 21:15
Updated : 2025-07-09 18:29
NVD link : CVE-2024-36755
Mitre link : CVE-2024-36755
CVE.ORG link : CVE-2024-36755
Products Affected
dlink
- dir-1950_firmware
- dir-1950
CWE
CWE-599
Missing Validation of OpenSSL Certificate