CVE-2019-7390

Published: Feb 5, 2019Modified: Jun 17, 2026

8.6

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

Exploitability: 3.9 / Impact: 4.0

Source: NVD

Description

An issue was discovered in /bin/goahead on D-Link DIR-823G devices with firmware 1.02B03. There is incorrect access control allowing remote attackers to hijack the DNS service configuration of all clients in the WLAN, without authentication, via the SetWanSettings HNAP API.

Affected (1)

Products: Dlink: Dir 823g Firmware

1 product

Dir 823g Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Dir 823g Firmware	Version 1.02b03

Running on/with	Platform Versions
Dlink Dir 823g	All versions

Related CWEs

Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References (4)

http://www.securityfocus.com/bid/106855

Source: cve@mitre.org

Third Party Advisory

https://github.com/leonW7/D-Link/blob/master/Vul_5.md

Source: cve@mitre.org

ExploitThird Party Advisory

http://www.securityfocus.com/bid/106855

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://github.com/leonW7/D-Link/blob/master/Vul_5.md

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.