CVE-2019-13101 – D-Link DIR-600M - Authentication Bypass

https://notcve.org/view.php?id=CVE-2019-13101

An issue was discovered on D-Link DIR-600M 3.02, 3.03, 3.04, and 3.06 devices. wan.htm can be accessed directly without authentication, which can lead to disclosure of information about the WAN, and can also be leveraged by an attacker to modify the data fields of the page. Se detecto un problema en los dispositivos D-Link DIR-600M versiones 3.02, 3.03, 3.04 y 3.06. Se puede acceder a wan.htm directamente sin autenticación, lo que puede conducir a la divulgación de información sobre la WAN, y también puede ser aprovechado por un atacante para modificar los campos de datos de la página. • https://www.exploit-db.com/exploits/47250 http://packetstormsecurity.com/files/153994/D-Link-DIR-600M-Wireless-N-150-Home-Router-Access-Bypass.html http://seclists.org/fulldisclosure/2019/Aug/5 https://github.com/d0x0/D-Link-DIR-600M/blob/master/CVE-2019-13101 https://seclists.org/bugtraq/2019/Aug/17 https://us.dlink.com/en/security-advisory https://www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgment_7-2-19.pdf • CWE-306: Missing Authentication for Critical Function •