CVE-2019-7642
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 / Impact: 3.6
Source: NVD
Description
D-Link routers with the mydlink feature have some web interfaces without authentication requirements. An attacker can remotely obtain users' DNS query logs and login logs. Vulnerable targets include but are not limited to the latest firmware versions of DIR-817LW (A1-1.04), DIR-816L (B1-2.06), DIR-816 (B1-2.06?), DIR-850L (A1-1.09), and DIR-868L (A1-1.10).
Affected (5)
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.04 |
| Running on/with | Platform Versions |
|---|---|
Dlink Dir 817lw | Version a1 |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Version 2.06 |
| Running on/with | Platform Versions |
|---|---|
Dlink Dir 816l | Version b1 |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Version 2.06 |
| Running on/with | Platform Versions |
|---|---|
Dlink Dir 816 | Version b1 |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.09 |
| Running on/with | Platform Versions |
|---|---|
Dlink Dir 850l | Version a1 |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.10 |
| Running on/with | Platform Versions |
|---|---|
Dlink Dir 868l | Version a1 |
References (2)
Source: cve@mitre.org
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory
Timeline
No history available yet.