PT-2019-4534 · D-Link · D-Link Dir-601

Rahul Pratap Singh · Published 2019-12-26 · Updated 2020-01-08 · CVE-2019-16327

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: D-Link DIR-601 B1 version 2.00NA

Description: The D-Link DIR-601 router is affected by an authentication bypass. The device does not perform authentication checks on the server side and instead relies on client-side validation, which can be bypassed. This allows a remote attacker to potentially elevate their privileges.

Recommendations: For D-Link DIR-601 B1 version 2.00NA, consider disabling remote access to the device until a fix is available. This is an end-of-life product, so no official patch may be released. Restrict access to the router's administration interface to minimize the risk of exploitation.

Exploit

Fix

Improper Authentication


Weakness Enumeration

Related Identifiers

BDU:2020-00574
CVE-2019-16327

Affected Products

D-Link Dir-601