Vulnerabilities > CVE-2019-20213 - Incorrect Authorization vulnerability in Dlink products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

dlink

CWE-863

NVD

Published: 2020-01-02

Updated: 2023-11-07

Summary

D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Information Disclosure via the AUTHORIZED_GROUP=1%0a value, as demonstrated by vpnconfig.php.

Vulnerable Configurations

Part	Description	Count
OS	Dlink Dlink DIR 859 Firmware 1.03.B04 Dlink DIR 859 Firmware 1.05 Dlink DIR 859 Firmware 1.05B03 Dlink DIR 859 Firmware 1.06B01 Dlink DIR 822 Firmware - Dlink DIR 822 Firmware 1.0.2 Dlink DIR 822 Firmware 2.00Krb06 Dlink DIR 822 Firmware 2.02Krb01 Dlink DIR 822 Firmware 2.02Krb05 Dlink DIR 822 Firmware 2.02Krb06 Dlink DIR 822 Firmware 2.03B01 Dlink DIR 822 Firmware 3.01 Dlink DIR 822 Firmware 3.10B06 Dlink DIR 822 Firmware 3.12B04 Dlink DIR 823 Firmware - Dlink DIR 823 Firmware 1.00 Dlink DIR 823 Firmware 1.00B06 Dlink DIR 865L Firmware - Dlink DIR 865L Firmware 1.07B01 Dlink DIR 868L Firmware - Dlink DIR 868L Firmware 1.10 Dlink DIR 868L Firmware 1.12 Dlink DIR 868L Firmware 1.12_Eu_Multi_20170316 Dlink DIR 868L Firmware 1.12B04 Dlink DIR 868L Firmware 2.00 Dlink DIR 868L Firmware 2.01 Dlink DIR 868L Firmware 2.03 Dlink DIR 868L Firmware 2.05B02 Dlink DIR 869 Firmware - Dlink DIR 869 Firmware 1.03B02 Dlink DIR 880L Firmware - Dlink DIR 880L Firmware 1.07 Dlink DIR 880L Firmware 1.07.B08 Dlink DIR 880L Firmware 1.08B04 Dlink DIR 890L Firmware - Dlink DIR 890L Firmware 1.05 Dlink DIR 890L Firmware 1.07B09 Dlink DIR 890L Firmware 1.09 Dlink DIR 890L Firmware 1.11B01 Dlink DIR 890R Firmware - Dlink DIR 890R Firmware 1.11B01 Dlink DIR 885L Firmware - Dlink DIR 885L Firmware 1.02 Dlink DIR 885L Firmware 1.11 Dlink DIR 885L Firmware 1.12B05 Dlink DIR 885R Firmware - Dlink DIR 885R Firmware 1.12B05 Dlink DIR 895L Firmware - Dlink DIR 895L Firmware 1.02 Dlink DIR 895L Firmware 1.11 Dlink DIR 895L Firmware 1.12 Dlink DIR 895L Firmware 1.12B10 Dlink DIR 895R Firmware - Dlink DIR 895R Firmware 1.12B10 Dlink DIR 818Lx Firmware -	63
Hardware	Dlink Dlink DIR 859 - Dlink DIR 822 - Dlink DIR 823 - Dlink DIR 865L - Dlink DIR 868L - Dlink DIR 869 - Dlink DIR 880L - Dlink DIR 890L - Dlink DIR 890R - Dlink DIR 885L - Dlink DIR 885R - Dlink DIR 895L - Dlink DIR 895R - Dlink DIR 818Lx -	14

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References