PT-2019-18573 · D Link · Dir-823
David Chen
·
Published
2019-02-05
·
Updated
2020-08-24
·
CVE-2019-7388
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
D-Link DIR-823G firmware 1.02B03
Description
An issue was discovered allowing remote attackers to get sensitive information, such as MAC addresses, about all clients in the WLAN via the "GetClientInfo HNAP API" endpoint. This is due to incorrect access control, enabling information disclosure without authentication.
Recommendations
For firmware 1.02B03, as a temporary workaround, consider restricting access to the GetClientInfo HNAP API endpoint until a patch is available. Avoid using the GetClientInfo function in the HNAP API to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Dir-823