D-Link DSL-2875AL Information Disclosure Vulnerability (CNVD-2020-18994)

The D-Link DSL-2875AL is a wireless router from AUO D-Link of Taiwan, China. A security vulnerability exists in the D-Link DSL-2875AL prior to version 1.00.05. The vulnerability can be exploited by an attacker to obtain a password by sending a simple /romfile.cfg request to the web management...

CVE-2019-15656

D-Link DSL-2875AL and DSL-2877AL devices through 1.00.05 are prone to information disclosure via a simple crafted request to index.asp on the web management server because of usernamev and passwordv variables...

CVE-2019-15656

D-Link DSL-2875AL and DSL-2877AL devices through 1.00.05 are prone to information disclosure via a simple crafted request to index.asp on the web management server because of usernamev and passwordv variables...

Design/Logic Flaw

D-Link DSL-2875AL devices through 1.00.05 are prone to password disclosure via a simple crafted /romfile.cfg request to the web management server. This request doesn't require any authentication and will lead to saving the configuration file. The password is stored in cleartext...

Information disclosure

D-Link DSL-2875AL and DSL-2877AL devices through 1.00.05 are prone to information disclosure via a simple crafted request to index.asp on the web management server because of usernamev and passwordv variables...

CVE-2019-15656

D-Link DSL-2875AL and DSL-2877AL devices through 1.00.05 are prone to information disclosure via a simple crafted request to index.asp on the web management server because of usernamev and passwordv variables...

CVE-2019-15656

CVE-2019-15656 affects D‑Link DSL-2875AL and DSL-2877AL devices up to firmware 1.00.05, where information disclosure is possible via a crafted request to index.asp on the web management server due to username_v and password_v variables. Some sources describe an attacker being able to obtain crede...

CVE-2019-15655

CVE-2019-15655 affects D-Link DSL-2875AL devices (firmware 1.00.05 and earlier). A crafted unauthenticated request to the web management endpoint /romfile.cfg allows password disclosure by saving the configuration file, with the password stored in cleartext. The vulnerability is described across ...

CVE-2019-15655

D-Link DSL-2875AL devices through 1.00.05 are prone to password disclosure via a simple crafted /romfile.cfg request to the web management server. This request doesn't require any authentication and will lead to saving the configuration file. The password is stored in cleartext...

PT-2020-4210 · D Link · D-Link Dsl-2875Al

Name of the Vulnerable Software and Affected Versions: D-Link DSL-2875AL versions 1.00.05 and earlier Description: The issue is related to insufficient protection of registration data, allowing an attacker to gain unauthorized access to protected information using a specially crafted request to t...

PT-2020-4209 · D Link · D-Link Dsl-2875Al +1

Name of the Vulnerable Software and Affected Versions: D-Link DSL-2875AL and DSL-2877AL devices through 1.00.05 Description: The issue is related to information disclosure via a crafted request to "index.asp" on the web management server. This is due to the username v and password v variables. Th...

D-Link DSL-2875AL Password Disclosure Vulnerability

D-Link DSL-2875AL is prone to a password disclosure vulnerability. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...