
CVSS: 8.8 | EPSS: 0% | CPEs: 2 | EXPL: 1

D-Link DIR-655 C devices before 3.02B05 BETA03 allow CSRF for the entire management console.

• ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-655/REVC/DIR-655_REVC_RELEASE_NOTES_v3.02B05_BETA03.pdf
• https://www.nccgroup.trust/contentassets/7188fe7f130846ffa31827fc1661d120/csrf.txt
• https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2019/july/the-d-link-dir-655c-from-nothing-to-rce

CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 9.8 | EPSS: 0% | CPEs: 2 | EXPL: 1

D-Link DIR-655 C devices before 3.02B05 BETA03 allow remote attackers to force a blank password via the apply_sec.cgi setup_wizard parameter.

• ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-655/REVC/DIR-655_REVC_RELEASE_NOTES_v3.02B05_BETA03.pdf
• https://www.nccgroup.trust/contentassets/7188fe7f130846ffa31827fc1661d120/setupwizard.txt
• https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2019/july/the-d-link-dir-655c-from-nothing-to-rce

CWE-255: Credentials Management Errors