MEDIUM🇵🇱 Wersja polska

CVE-2024-36755

CVSS 6.8v3.1pub. 2024-06-27upd. 2025-07-09

D-Link DIR-1950 up to v1.11B03 does not validate SSL certificates when requesting the latest firmware version and downloading URL. This can allow attackers to downgrade the firmware version or change the downloading URL via a man-in-the-middle attack.

CVSS Vector
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
  • Dlink Dir 1950

    HW
    Dlink
    wszystkie wersje
  • Dlink Dir 1950 Firmware

    OS
    Dlink
    ≤ 1.11b03
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2024-3272CRITICAL9.8⚠ KEVPL ✓ten sam vendor

D-Link DNS-320L/325/327L/340L — zakodowane na stałe poświadczenia (hard-coded credentials)

CVE-2023-25280CRITICAL9.8⚠ KEVten sam vendor

OS Command injection vulnerability in D-Link DIR820LA1_FW105B03 allows attackers to escalate privileges to roo...

CVE-2016-20017CRITICAL9.8⚠ KEVten sam vendor

D-Link DSL-2750B devices before 1.05 allow remote unauthenticated command injection via the login.cgi cli para...

CVE-2022-37055CRITICAL9.8⚠ KEVten sam vendor

D-Link Go-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 are vulnerable to Buffer Overflow via...

CVE-2022-26258CRITICAL9.8⚠ KEVten sam vendor

D-Link DIR-820L 1.05B03 was discovered to contain remote command execution (RCE) vulnerability via HTTP POST t...