CVE-2019-7642

D-Link routers with the mydlink feature have some web interfaces without authentication requirements. An attacker can remotely obtain users' DNS query logs and login logs. Vulnerable targets include but are not limited to the latest firmware versions of DIR-817LW (A1-1.04), DIR-816L (B1-2.06), DIR-816 (B1-2.06?), DIR-850L (A1-1.09), and DIR-868L (A1-1.10).

CVSS v3 7.5 HIGH
CVSS v2.0 5.0 MEDIUM

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://github.com/xw77cve/CVE-2019-7642/blob/master/README.md	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:dlink:dir-817lw_firmware:1.04:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dir-817lw:a1:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:dlink:dir-816l_firmware:2.06:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dir-816l:b1:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:dlink:dir-816_firmware:2.06:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dir-816:b1:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:dlink:dir-850l_firmware:1.09:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dir-850l:a1:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:dlink:dir-868l_firmware:1.10:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dir-868l:a1:*:*:*:*:*:*:*

History

No history.

Information

Published : 2019-03-25 22:29

Updated : 2024-02-28 17:08

NVD link : CVE-2019-7642

Mitre link : CVE-2019-7642

CVE.ORG link : CVE-2019-7642

JSON object : View

Products Affected

dlink

dir-817lw_firmware
dir-816l_firmware
dir-868l_firmware
dir-868l
dir-850l
dir-850l_firmware
dir-816_firmware
dir-816
dir-817lw
dir-816l

CWE

CWE-306

Missing Authentication for Critical Function

{"id": "CVE-2019-7642", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2019-03-25T22:29:00.810", "references": [{"url": "https://github.com/xw77cve/CVE-2019-7642/blob/master/README.md", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-306"}]}], "descriptions": [{"lang": "en", "value": "D-Link routers with the mydlink feature have some web interfaces without authentication requirements. An attacker can remotely obtain users' DNS query logs and login logs. Vulnerable targets include but are not limited to the latest firmware versions of DIR-817LW (A1-1.04), DIR-816L (B1-2.06), DIR-816 (B1-2.06?), DIR-850L (A1-1.09), and DIR-868L (A1-1.10)."}, {"lang": "es", "value": "Los routers D-Link con la funcionalidad mydlink presentan algunas interfaces web sin requerimientos de autenticaci\u00f3n. Un atacante puede conseguir de forma remota los registros de consultas de DNS de los usuarios y los registros de inicio de sesi\u00f3n. Los objetivos vulnerables incluyen pero no se limitan a las versiones m\u00e1s recientes de firmware de DIR-817LW (A1-1.04), DIR-816L (B1-2.06), DIR-816 (B1-2.06?), DIR-850L (A1-1.09) y DIR-868L (A1-1.10)."}], "lastModified": "2021-04-23T15:45:24.947", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dlink:dir-817lw_firmware:1.04:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8860070A-8B05-46B9-A8CD-AD2DA9B543FD"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dlink:dir-817lw:a1:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6DADD4BA-C614-40C1-BEA4-76DDA87FBAB3"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dlink:dir-816l_firmware:2.06:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1817EE29-D782-4A98-A478-20BDA559C5CE"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dlink:dir-816l:b1:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "637B2D4B-0EA7-4E30-9B2B-77484D701042"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dlink:dir-816_firmware:2.06:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5F74DFB0-3630-416A-8C15-73181EFA4DE9"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dlink:dir-816:b1:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9348DEC5-2136-4979-859E-72D01C9840CE"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dlink:dir-850l_firmware:1.09:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F270BF5D-19E8-499C-A089-6E17DEC2E7E9"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dlink:dir-850l:a1:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E293D83B-F8D8-46DC-84B6-EF08F773BEC0"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dlink:dir-868l_firmware:1.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "62D91030-F965-427A-A51B-BC0A3AB78368"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dlink:dir-868l:a1:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0D8A8303-F830-477F-8944-F1149A0CD521"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}