CVE-2019-7390

2019-02-0500:00:00

mitre

www.cve.org

8.6 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

53.4%

JSON

An issue was discovered in /bin/goahead on D-Link DIR-823G devices with firmware 1.02B03. There is incorrect access control allowing remote attackers to hijack the DNS service configuration of all clients in the WLAN, without authentication, via the SetWanSettings HNAP API.

References

www.securityfocus.com/bid/106855

github.com/leonW7/D-Link/blob/master/Vul_5.md