CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2019-17506

There are some web interfaces without authentication requirements on D-Link DIR-868L B1-2.03 and DIR-817LW A1-1.04 routers. An attacker can get the router's username and password (and other information) via a DEVICE.ACCOUNT value for SERVICES in conjunction with AUTHORIZED_GROUP=1%0a to getcfg.php. This could be used to control the router remotely.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.929

EPSS Ranking 99.8%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 10.0

References

https://github.com/dahua966/Routers-vuls/blob/master/DIR-868/name%26passwd.py
https://github.com/dahua966/Routers-vuls/blob/master/DIR-868/name%26passwd.py

Products affected by CVE-2019-17506

Dlink » Dir-817lw A1 » Version: N/A

cpe:2.3:h:dlink:dir-817lw_a1:-
Dlink » Dir-868l B1 » Version: N/A

cpe:2.3:h:dlink:dir-868l_b1:-
Dlink » Dir-817lw A1 Firmware » Version: 1.04

cpe:2.3:o:dlink:dir-817lw_a1_firmware:1.04
Dlink » Dir-868l B1 Firmware » Version: 2.03

cpe:2.3:o:dlink:dir-868l_b1_firmware:2.03

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-17506

Products

Pricing

Contact Us