Dsl-2680 Firmware Security Vulnerabilities and Issues — Dsl-2680 Firmware CVE List

Lucene search

DlinkDsl-2680 Firmware

5 matches found

CVE•added 2020/03/04 7:15 p.m.•56 views

CVE-2019-19226

A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an attacker to enable or disable MAC address filtering by submitting a crafted Forms/WlanMacFilter_1 POST request without being authenticated on the admin interface.

7.5CVSS7.2AI score0.02116EPSS

CVE•added 2020/03/04 7:15 p.m.•54 views

CVE-2019-19222

A Stored XSS issue in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an authenticated attacker to inject arbitrary JavaScript code into the info.html administration page by sending a crafted Forms/wireless_autonetwork_1 POST request.

5.4CVSS5.1AI score0.0051EPSS

CVE•added 2020/03/04 7:15 p.m.•53 views

CVE-2019-19224

A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an attacker to download the configuration (binary file) settings by submitting a rom-0 GET request without being authenticated on the admin interface.

7.5CVSS7.3AI score0.01568EPSS

CVE•added 2020/03/04 7:15 p.m.•39 views

CVE-2019-19223

A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an attacker to reboot the router by submitting a reboot.html GET request without being authenticated on the admin interface.

7.8CVSS7.3AI score0.04082EPSS

CVE•added 2020/03/04 7:15 p.m.•32 views

CVE-2019-19225

A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an attacker to change DNS servers without being authenticated on the admin interface by submitting a crafted Forms/dns_1 POST request.

7.5CVSS7.2AI score0.02116EPSS