PT-2019-2027 · D Link · Dir-817Lw+3

Published: 2019-03-25 · Updated: 2021-04-23 · CVE-2019-7642

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

D-Link DIR-817LW versions A1-1.04
D-Link DIR-816L versions B1-2.06
D-Link DIR-816 versions B1-2.06
D-Link DIR-850L versions A1-1.09
D-Link DIR-868L versions A1-1.10

Description

The mydlink feature in D-Link routers has a vulnerability related to insufficient authentication requirements in some web interfaces. This allows an attacker to remotely obtain users' DNS query logs and login logs by sending a specially crafted HTTP request.

Recommendations

For DIR-817LW version A1-1.04, restrict access to the vulnerable mydlink web interface until a patch is available.
For DIR-816L version B1-2.06, consider disabling the mydlink feature to prevent exploitation.
For DIR-816 version B1-2.06, avoid using the mydlink web interface for sensitive operations until the issue is resolved.
For DIR-850L version A1-1.09, limit access to the mydlink web interface to minimize the risk of exploitation.
For DIR-868L version A1-1.10, as a temporary workaround, consider restricting the use of the mydlink feature until a fix is provided.

Exploit

Fix

Missing Authentication

Improper Authentication

Weakness Enumeration

Related Identifiers

BDU:2019-01740
CVE-2019-7642

Affected Products

Dir-816
Dir-817Lw
Dir-850L
Dir-868L