CVE-2019-16190

Published: Sep 9, 2019Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

SharePort Web Access on D-Link DIR-868L REVB through 2.03, DIR-885L REVA through 1.20, and DIR-895L REVA through 1.21 devices allows Authentication Bypass, as demonstrated by a direct request to folder_view.php or category_view.php.

Affected (3)

Products: Dlink: Dir 868l Firmware, Dir 885l Firmware, Dir 895l Firmware

3 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Dir 868l Firmware	Up to 2.03

Running on/with	Platform Versions
Dlink Dir 868l	Version b

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Dir 885l Firmware	Up to 1.20

Running on/with	Platform Versions
Dlink Dir 885l	Version a

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Dir 895l Firmware	Up to 1.21

Running on/with	Platform Versions
Dlink Dir 895l	Version a

Related CWEs

CWE-287

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (2)

https://cyberloginit.com/2019/09/10/dlink-shareport-web-access-authentication-bypass.html

Source: cve@mitre.org

ExploitThird Party Advisory

https://cyberloginit.com/2019/09/10/dlink-shareport-web-access-authentication-bypass.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.