PT-2020-10105 · D Link · D-Link Dsl-2680
Published: 2020-03-04 · Updated: 2023-04-26 · CVE-2019-19226
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions
D-Link DSL-2680 version EU 1.03
Description
A Broken Access Control issue in the web administration interface allows an attacker to enable or disable MAC address filtering by submitting a crafted "Forms/WlanMacFilter 1" POST request without being authenticated on the admin interface.
Recommendations
For D-Link DSL-2680 version EU 1.03, consider disabling handling of the Forms/WlanMacFilter 1 POST request until a patch is available, to prevent exploitation of this issue. Restrict access to the web administration interface to minimize the risk of unauthorized changes to MAC address filtering settings.
Exploit
Fix
Missing Authentication
Weakness Enumeration
Related Identifiers
Affected Products
D-Link Dsl-2680