CVE-2019-19224

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions D-Link DSL-2680 version EU 1.03

Description A Broken Access Control issue in the web administration interface allows an attacker to download configuration settings by submitting a "rom-0" GET request without authentication on the admin interface.

Recommendations For D-Link DSL-2680 version EU 1.03, consider restricting access to the web administration interface until a fix is available. As a temporary workaround, avoid using the "rom-0" GET request in the admin interface to minimize the risk of exploitation.

Exploit

Fix

Missing Authentication

Improper Handling of Exceptional Conditions

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-306CWE-755

Related Identifiers

BDU:2020-01435

CVE-2019-19224

Affected Products

D-Link Dsl-2680

CVE-2019-19224

Weakness Enumeration

Related Identifiers

Affected Products

References · 18