CVE-2019-7642
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
D-Link routers with the mydlink feature have some web interfaces without authentication requirements. An attacker can remotely obtain users' DNS query logs and login logs. Vulnerable targets include but are not limited to the latest firmware versions of DIR-817LW (A1-1.04), DIR-816L (B1-2.06), DIR-816 (B1-2.06?), DIR-850L (A1-1.09), and DIR-868L (A1-1.10).
Los routers D-Link con la funcionalidad mydlink presentan algunas interfaces web sin requerimientos de autenticación. Un atacante puede conseguir de forma remota los registros de consultas de DNS de los usuarios y los registros de inicio de sesión. Los objetivos vulnerables incluyen pero no se limitan a las versiones más recientes de firmware de DIR-817LW (A1-1.04), DIR-816L (B1-2.06), DIR-816 (B1-2.06?), DIR-850L (A1-1.09) y DIR-868L (A1-1.10).
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-02-08 CVE Reserved
- 2019-03-04 First Exploit
- 2019-03-25 CVE Published
- 2023-12-10 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-306: Missing Authentication for Critical Function
CAPEC
References (2)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/xw77cve/CVE-2019-7642 | 2019-03-04 | |
| https://github.com/xw77cve/CVE-2019-7642/blob/master/README.md | 2024-08-04 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Dlink Search vendor "Dlink" | Dir-817lw Firmware Search vendor "Dlink" for product "Dir-817lw Firmware" | 1.04 Search vendor "Dlink" for product "Dir-817lw Firmware" and version "1.04" | - |
Affected
| in | Dlink Search vendor "Dlink" | Dir-817lw Search vendor "Dlink" for product "Dir-817lw" | a1 Search vendor "Dlink" for product "Dir-817lw" and version "a1" | - |
Safe
|
| Dlink Search vendor "Dlink" | Dir-816l Firmware Search vendor "Dlink" for product "Dir-816l Firmware" | 2.06 Search vendor "Dlink" for product "Dir-816l Firmware" and version "2.06" | - |
Affected
| in | Dlink Search vendor "Dlink" | Dir-816l Search vendor "Dlink" for product "Dir-816l" | b1 Search vendor "Dlink" for product "Dir-816l" and version "b1" | - |
Safe
|
| Dlink Search vendor "Dlink" | Dir-816 Firmware Search vendor "Dlink" for product "Dir-816 Firmware" | 2.06 Search vendor "Dlink" for product "Dir-816 Firmware" and version "2.06" | - |
Affected
| in | Dlink Search vendor "Dlink" | Dir-816 Search vendor "Dlink" for product "Dir-816" | b1 Search vendor "Dlink" for product "Dir-816" and version "b1" | - |
Safe
|
| Dlink Search vendor "Dlink" | Dir-850l Firmware Search vendor "Dlink" for product "Dir-850l Firmware" | 1.09 Search vendor "Dlink" for product "Dir-850l Firmware" and version "1.09" | - |
Affected
| in | Dlink Search vendor "Dlink" | Dir-850l Search vendor "Dlink" for product "Dir-850l" | a1 Search vendor "Dlink" for product "Dir-850l" and version "a1" | - |
Safe
|
| Dlink Search vendor "Dlink" | Dir-868l Firmware Search vendor "Dlink" for product "Dir-868l Firmware" | 1.10 Search vendor "Dlink" for product "Dir-868l Firmware" and version "1.10" | - |
Affected
| in | Dlink Search vendor "Dlink" | Dir-868l Search vendor "Dlink" for product "Dir-868l" | a1 Search vendor "Dlink" for product "Dir-868l" and version "a1" | - |
Safe
|