Vulnerabilities > Dlink > DSL 2680 Firmware > 1.03

DATE CVE VULNERABILITY TITLE RISK
2020-03-04 CVE-2019-19226 Missing Authentication for Critical Function vulnerability in Dlink Dsl-2680 Firmware 1.03
A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an attacker to enable or disable MAC address filtering by submitting a crafted Forms/WlanMacFilter_1 POST request without being authenticated on the admin interface.
network
low complexity
dlink CWE-306
7.5
7.5
2020-03-04 CVE-2019-19225 Missing Authentication for Critical Function vulnerability in Dlink Dsl-2680 Firmware 1.03
A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an attacker to change DNS servers without being authenticated on the admin interface by submitting a crafted Forms/dns_1 POST request.
network
low complexity
dlink CWE-306
7.5
7.5
2020-03-04 CVE-2019-19224 Missing Authentication for Critical Function vulnerability in Dlink Dsl-2680 Firmware 1.03
A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an attacker to download the configuration (binary file) settings by submitting a rom-0 GET request without being authenticated on the admin interface.
network
low complexity
dlink CWE-306
7.5
7.5
2020-03-04 CVE-2019-19223 HTTP Request Smuggling vulnerability in Dlink Dsl-2680 Firmware 1.03
A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an attacker to reboot the router by submitting a reboot.html GET request without being authenticated on the admin interface.
network
low complexity
dlink CWE-444
7.5
7.5
2020-03-04 CVE-2019-19222 Cross-site Scripting vulnerability in Dlink Dsl-2680 Firmware 1.03
A Stored XSS issue in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an authenticated attacker to inject arbitrary JavaScript code into the info.html administration page by sending a crafted Forms/wireless_autonetwork_1 POST request.
network
low complexity
dlink CWE-79
5.4
5.4