Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2019-17506
Modified
More InfoOfficial Page
Source-cve@mitre.org
View Known Exploited Vulnerability (KEV) details
Published At-11 Oct, 2019 | 20:15
Updated At-24 Aug, 2020 | 17:37

There are some web interfaces without authentication requirements on D-Link DIR-868L B1-2.03 and DIR-817LW A1-1.04 routers. An attacker can get the router's username and password (and other information) via a DEVICE.ACCOUNT value for SERVICES in conjunction with AUTHORIZED_GROUP=1%0a to getcfg.php. This could be used to control the router remotely.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary2.010.0HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
CPE Matches
D-Link Corporation
dlink
>>dir-868l_b1_firmware>>2.03
cpe:2.3:o:dlink:dir-868l_b1_firmware:2.03:*:*:*:*:*:*:*
D-Link Corporation
dlink
>>dir-868l_b1>>-
cpe:2.3:h:dlink:dir-868l_b1:-:*:*:*:*:*:*:*
D-Link Corporation
dlink
>>dir-817lw_a1_firmware>>1.04
cpe:2.3:o:dlink:dir-817lw_a1_firmware:1.04:*:*:*:*:*:*:*
D-Link Corporation
dlink
>>dir-817lw_a1>>-
cpe:2.3:h:dlink:dir-817lw_a1:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-306Primarynvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/dahua966/Routers-vuls/blob/master/DIR-868/name%26passwd.pycve@mitre.org
Exploit
Third Party Advisory
Change History
0Changes found
Details not found