CVSS: 9.8EPSS: 5%CPEs: 5EXPL: 1CVE-2019-13101 – D-Link DIR-600M - Authentication Bypass
https://notcve.org/view.php?id=CVE-2019-13101
An issue was discovered on D-Link DIR-600M 3.02, 3.03, 3.04, and 3.06 devices. wan.htm can be accessed directly without authentication, which can lead to disclosure of information about the WAN, and can also be leveraged by an attacker to modify the data fields of the page. Se detecto un problema en los dispositivos D-Link DIR-600M versiones 3.02, 3.03, 3.04 y 3.06. Se puede acceder a wan.htm directamente sin autenticación, lo que puede conducir a la divulgación de información sobre la WAN, y también puede ser aprovechado por un atacante para modificar los campos de datos de la página. • https://www.exploit-db.com/exploits/47250 http://packetstormsecurity.com/files/153994/D-Link-DIR-600M-Wireless-N-150-Home-Router-Access-Bypass.html http://seclists.org/fulldisclosure/2019/Aug/5 https://github.com/d0x0/D-Link-DIR-600M/blob/master/CVE-2019-13101 https://seclists.org/bugtraq/2019/Aug/17 https://us.dlink.com/en/security-advisory https://www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgment_7-2-19.pdf • CWE-306: Missing Authentication for Critical Function •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1CVE-2017-10676
https://notcve.org/view.php?id=CVE-2017-10676
On D-Link DIR-600M devices before C1_v3.05ENB01_beta_20170306, XSS was found in the form2userconfig.cgi username parameter. En los dispositivos D-Link DIR-600M anteriores a versión C1_v3.05ENB01_beta_20170306, se encontró un problema de tipo XSS en el parámetro username del archivo form2userconfig.cgi. • ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-600M/REVC/DIR-600M_REVC_FIRMWARE_PATCH_NOTES_3.05B01_EN.pdf https://iscouncil.blogspot.com/2017/07/stored-xss-in-d-link-dir-600m-router.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •