CVE-2019-20213
CVSS score: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 / Impact: 3.6
Source: NVD
Description
D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Information Disclosure via the AUTHORIZED_GROUP=1%0a value, as demonstrated by vpnconfig.php.
Affected (17)
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| | Up to 1.05b03 |

| Running on/with | Platform Versions |
|---|---|
| Dlink Dir 859 | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| | Up to 2.03b01 |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| | Up to 3.12b04 |

| Running on/with | Platform Versions |
|---|---|
| Dlink Dir 822 | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| | Up to 1.00b06 |

| Running on/with | Platform Versions |
|---|---|
| Dlink Dir 823 | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| | Up to 1.07b01 |

| Running on/with | Platform Versions |
|---|---|
| Dlink Dir 865l | All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| | Up to 1.12b04 |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| | Up to 2.05b02 |

| Running on/with | Platform Versions |
|---|---|
| Dlink Dir 868l | All versions |
Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
| | Up to 1.03b02 |

| Running on/with | Platform Versions |
|---|---|
| Dlink Dir 869 | All versions |
Configuration I
| Vulnerable Software | Affected Versions |
|---|---|
| | Up to 1.08b04 |

| Running on/with | Platform Versions |
|---|---|
| Dlink Dir 880l | All versions |
Configuration J
| Vulnerable Software | Affected Versions |
|---|---|
| | Up to 1.11b01 |

| Running on/with | Platform Versions |
|---|---|
| Dlink Dir 890l | All versions |
Configuration K
| Vulnerable Software | Affected Versions |
|---|---|
| | Up to 1.11b01 |

| Running on/with | Platform Versions |
|---|---|
| Dlink Dir 890r | All versions |
Configuration L
| Vulnerable Software | Affected Versions |
|---|---|
| | Up to 1.12b05 |

| Running on/with | Platform Versions |
|---|---|
| Dlink Dir 885l | All versions |
Configuration M
| Vulnerable Software | Affected Versions |
|---|---|
| | Up to 1.12b05 |

| Running on/with | Platform Versions |
|---|---|
| Dlink Dir 885r | All versions |
Configuration N
| Vulnerable Software | Affected Versions |
|---|---|
| | Up to 1.12b10 |

| Running on/with | Platform Versions |
|---|---|
| Dlink Dir 895l | All versions |
Configuration O
| Vulnerable Software | Affected Versions |
|---|---|
| | Up to 1.12b10 |

| Running on/with | Platform Versions |
|---|---|
| Dlink Dir 895r | All versions |
Configuration P
| Vulnerable Software | Affected Versions |
|---|---|
| | All versions |

| Running on/with | Platform Versions |
|---|---|
| Dlink Dir 818lx | All versions |
Related CWEs
CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
CWE-863
Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.