How severe is CVE-2024-36755?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.8 out of 10.

What type of vulnerability is CVE-2024-36755?

This is classified as CWE-599, which is a common weakness in software security.

CVE-2024-36755

MEDIUM Year: 2024

CVSS v3 Score

6.8

Medium

Weakness Type

CWE-599

View all →

Vulnerability Description

D-Link DIR-1950 up to v1.11B03 does not validate SSL certificates when requesting the latest firmware version and downloading URL. This can allow attackers to downgrade the firmware version or change the downloading URL via a man-in-the-middle attack.

CVE-2024-41253

HIGH

CVSS:7.1(High)

goframe v2.7.2 is configured to skip TLS certificate verification, possibly allowing attackers to execute a man-in-the-middle attack via the gclient component.

CWE-5992024

CVE-2024-41265

HIGH

CVSS:7.5(High)

A TLS certificate verification issue discovered in cortex v0.42.1 allows attackers to obtain sensitive information via the makeOperatorRequest function.

CWE-5992024

CVE-2024-41265

HIGH

CVSS:7.5(High)

A TLS certificate verification issue discovered in cortex v0.42.1 allows attackers to obtain sensitive information via the makeOperatorRequest function.

CWE-5992024

CVE-2024-41253

HIGH

CVSS:7.1(High)

goframe v2.7.2 is configured to skip TLS certificate verification, possibly allowing attackers to execute a man-in-the-middle attack via the gclient component.

CWE-5992024

CVE-2024-36755

Vulnerability Description

Related Vulnerabilities

CVE-2024-41253

CVE-2024-41265

CVE-2024-41265

CVE-2024-41253