CVE-2019-10039

🗓️ 25 Mar 2019 18:03:37Reported by mitreType

cve🔗 web.nvd.nist.gov👁 50 Views🌐 WEB

D-Link DIR-816 A2 1.11 router vulnerability allows unauthorized system account editing

Reporter	Title	Published	Views	Family All 7
CNVD	D-Link DIR-816 A2 Router Web or System Account Editing Vulnerability	26 Mar 201900:00	–	cnvd
Cvelist	CVE-2019-10039	25 Mar 201918:03	–	cvelist
EUVD	EUVD-2019-2103	7 Oct 202500:30	–	euvd
NVD	CVE-2019-10039	25 Mar 201919:29	–	nvd
OSV	CVE-2019-10039	25 Mar 201919:29	–	osv
Prion	Authentication flaw	25 Mar 201919:29	–	prion
RedhatCVE	CVE-2019-10039	22 May 202504:46	–	redhatcve

NVD

Node

AND

Source	Link
github	www.github.com/PAGalaxyLab/VulInfo/blob/master/D-Link/DIR-816/edit_web_and_sys_account/README.md

Parameter	Position	Path	Description	CWE
token	request body	/goform/setSysAdm	Endpoint allows editing web/system account after obtaining a random token, enabling unauthorized access without authentication.	CWE-306
account	request body	/goform/setSysAdm	Endpoint allows editing web/system account after obtaining a random token, enabling unauthorized access without authentication.	CWE-306
password	request body	/goform/setSysAdm	Endpoint allows editing web/system account after obtaining a random token, enabling unauthorized access without authentication.	CWE-306
username	request body	/goform/setSysAdm	Endpoint allows editing web/system account after obtaining a random token, enabling unauthorized access without authentication.	CWE-306
privileges	request body	/goform/setSysAdm	Endpoint allows editing web/system account after obtaining a random token, enabling unauthorized access without authentication.	CWE-306

21 Nov 2024 04:18Current

9.3High risk

Vulners AI Score9.3

CVSS 25

CVSS 39.8

EPSS0.01213