Vulnerability in Dlink Dir-600m
CVE-2020-13960
D-Link DSL 2730-U IN_1.10 and IN_1.11 and DIR-600M 3.04 devices have the domain.name string in the DNS resolver search path by default, which allows remote attackers to provide valid DNS responses (and also offer Internet services such as…
EPSS: 0.012 (64.1th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N.
Affected products
- Dlink Dir-600m
- Dlink Dir-600m_firmware — versions 3.04
- Dlink Dsl-2730u
- Dlink Dsl-2730u_firmware — versions in_1.10
- N/a — versions n/a
References
- cve@mitre.org (Exploit, Third Party Advisory, x_refsource_MISC)
Frequently asked questions
- What is CVE-2020-13960?
- CVE-2020-13960 is a high-severity vulnerability in Dlink Dir-600m. CVSS score: 7.5/10. Published 2020-06-08.
- How severe is CVE-2020-13960?
- High severity. CVSS v3 base score is 7.5 out of 10.