Lucene search

K
cve[email protected]CVE-2019-7642
HistoryMar 25, 2019 - 10:29 p.m.

CVE-2019-7642

2019-03-2522:29:00
CWE-306
web.nvd.nist.gov
29
d-link
routers
mydlink
unauthorized access
vulnerability
cve-2019-7642
dir-817lw
dir-816l
dir-816
dir-850l
dir-868l
nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.6 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.006 Low

EPSS

Percentile

77.6%

D-Link routers with the mydlink feature have some web interfaces without authentication requirements. An attacker can remotely obtain users’ DNS query logs and login logs. Vulnerable targets include but are not limited to the latest firmware versions of DIR-817LW (A1-1.04), DIR-816L (B1-2.06), DIR-816 (B1-2.06?), DIR-850L (A1-1.09), and DIR-868L (A1-1.10).

Affected configurations

NVD
Node
dlinkdir-817lw_firmwareMatch1.04
AND
dlinkdir-817lwMatcha1
Node
dlinkdir-816l_firmwareMatch2.06
AND
dlinkdir-816lMatchb1
Node
dlinkdir-816_firmwareMatch2.06
AND
dlinkdir-816Matchb1
Node
dlinkdir-850l_firmwareMatch1.09
AND
dlinkdir-850lMatcha1
Node
dlinkdir-868l_firmwareMatch1.10
AND
dlinkdir-868lMatcha1

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.6 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.006 Low

EPSS

Percentile

77.6%

Related for CVE-2019-7642