Vulnerabilities > CVE-2019-20213 - Incorrect Authorization vulnerability in Dlink products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Information Disclosure via the AUTHORIZED_GROUP=1%0a value, as demonstrated by vpnconfig.php.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://medium.com/%40s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-en-faf1a9a13f3f
- https://medium.com/%40s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-en-faf1a9a13f3f
- https://medium.com/%40s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-es-6540f7f55b03
- https://medium.com/%40s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-es-6540f7f55b03
- https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146
- https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146
- https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147
- https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147