Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-7642

D-Link routers with the mydlink feature have some web interfaces without authentication requirements. An attacker can remotely obtain users' DNS query logs and login logs. Vulnerable targets include but are not limited to the latest firmware versions of DIR-817LW (A1-1.04), DIR-816L (B1-2.06), DIR-816 (B1-2.06?), DIR-850L (A1-1.09), and DIR-868L (A1-1.10).

Published

2019-03-25T22:29:00.810

Last Modified

2024-11-21T04:48:27.040

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Primary
CWE-306

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	dlink	dir-817lw_firmware	1.04	Yes
Hardware	dlink	dir-817lw	a1	No
Operating System	dlink	dir-816l_firmware	2.06	Yes
Hardware	dlink	dir-816l	b1	No
Operating System	dlink	dir-816_firmware	2.06	Yes
Hardware	dlink	dir-816	b1	No
Operating System	dlink	dir-850l_firmware	1.09	Yes
Hardware	dlink	dir-850l	a1	No
Operating System	dlink	dir-868l_firmware	1.10	Yes
Hardware	dlink	dir-868l	a1	No

References

https://github.com/xw77cve/CVE-2019-7642/blob/master/README.md Exploit, Third Party Advisory ([email protected])
https://github.com/xw77cve/CVE-2019-7642/blob/master/README.md Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)