// For flags

CVE-2019-7642

 

Severity Score

7.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

2
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

D-Link routers with the mydlink feature have some web interfaces without authentication requirements. An attacker can remotely obtain users' DNS query logs and login logs. Vulnerable targets include but are not limited to the latest firmware versions of DIR-817LW (A1-1.04), DIR-816L (B1-2.06), DIR-816 (B1-2.06?), DIR-850L (A1-1.09), and DIR-868L (A1-1.10).

Los routers D-Link con la funcionalidad mydlink presentan algunas interfaces web sin requerimientos de autenticación. Un atacante puede conseguir de forma remota los registros de consultas de DNS de los usuarios y los registros de inicio de sesión. Los objetivos vulnerables incluyen pero no se limitan a las versiones más recientes de firmware de DIR-817LW (A1-1.04), DIR-816L (B1-2.06), DIR-816 (B1-2.06?), DIR-850L (A1-1.09) y DIR-868L (A1-1.10).

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2019-02-08 CVE Reserved
  • 2019-03-04 First Exploit
  • 2019-03-25 CVE Published
  • 2023-12-10 EPSS Updated
  • 2024-08-04 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-306: Missing Authentication for Critical Function
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Dlink
Search vendor "Dlink"
Dir-817lw Firmware
Search vendor "Dlink" for product "Dir-817lw Firmware"
1.04
Search vendor "Dlink" for product "Dir-817lw Firmware" and version "1.04"
-
Affected
in Dlink
Search vendor "Dlink"
Dir-817lw
Search vendor "Dlink" for product "Dir-817lw"
a1
Search vendor "Dlink" for product "Dir-817lw" and version "a1"
-
Safe
Dlink
Search vendor "Dlink"
Dir-816l Firmware
Search vendor "Dlink" for product "Dir-816l Firmware"
2.06
Search vendor "Dlink" for product "Dir-816l Firmware" and version "2.06"
-
Affected
in Dlink
Search vendor "Dlink"
Dir-816l
Search vendor "Dlink" for product "Dir-816l"
b1
Search vendor "Dlink" for product "Dir-816l" and version "b1"
-
Safe
Dlink
Search vendor "Dlink"
Dir-816 Firmware
Search vendor "Dlink" for product "Dir-816 Firmware"
2.06
Search vendor "Dlink" for product "Dir-816 Firmware" and version "2.06"
-
Affected
in Dlink
Search vendor "Dlink"
Dir-816
Search vendor "Dlink" for product "Dir-816"
b1
Search vendor "Dlink" for product "Dir-816" and version "b1"
-
Safe
Dlink
Search vendor "Dlink"
Dir-850l Firmware
Search vendor "Dlink" for product "Dir-850l Firmware"
1.09
Search vendor "Dlink" for product "Dir-850l Firmware" and version "1.09"
-
Affected
in Dlink
Search vendor "Dlink"
Dir-850l
Search vendor "Dlink" for product "Dir-850l"
a1
Search vendor "Dlink" for product "Dir-850l" and version "a1"
-
Safe
Dlink
Search vendor "Dlink"
Dir-868l Firmware
Search vendor "Dlink" for product "Dir-868l Firmware"
1.10
Search vendor "Dlink" for product "Dir-868l Firmware" and version "1.10"
-
Affected
in Dlink
Search vendor "Dlink"
Dir-868l
Search vendor "Dlink" for product "Dir-868l"
a1
Search vendor "Dlink" for product "Dir-868l" and version "a1"
-
Safe