CVE-2019-13101 - OpenCVE

An issue was discovered on D-Link DIR-600M 3.02, 3.03, 3.04, and 3.06 devices. wan.htm can be accessed directly without authentication, which can lead to disclosure of information about the WAN, and can also be leveraged by an attacker to modify the data fields of the page.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Dlink	Dir-600m Dir-600m Firmware

Configuration 1 [-]

AND

cpe:2.3:h:dlink:dir-600m:-:*:*:*:*:*:*:*

OR	cpe:2.3:o:dlink:dir-600m_firmware:3.02:::::::*
	cpe:2.3:o:dlink:dir-600m_firmware:3.03:::::::*
	cpe:2.3:o:dlink:dir-600m_firmware:3.04:::::::*
	cpe:2.3:o:dlink:dir-600m_firmware:3.06:::::::*

No data.

References

Link	Providers
http://packetstormsecurity.com/files/153994/D-Link-DIR-600M-Wireless-N-150-Home-Router-Access-Bypass.html
http://seclists.org/fulldisclosure/2019/Aug/5
https://github.com/d0x0/D-Link-DIR-600M/blob/master/CVE-2019-13101
https://seclists.org/bugtraq/2019/Aug/17
https://us.dlink.com/en/security-advisory
https://www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgment_7-2-19.pdf

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-08-08T12:29:17

Updated: 2024-08-04T23:41:10.065Z

Reserved: 2019-06-30T00:00:00

Link: CVE-2019-13101

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2019-08-08T13:15:12.407

Modified: 2021-04-23T15:17:22.567

Link: CVE-2019-13101

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered on D-Link DIR-600M 3.02, 3.03, 3.04, and 3.06 devices. wan.htm can be accessed directly without authentication, which can lead to disclosure of information about the WAN, and can also be leveraged by an attacker to modify the data fields of the page."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-08-13T22:06:15", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgment_7-2-19.pdf"}, {"tags": ["x_refsource_MISC"], "url": "https://us.dlink.com/en/security-advisory"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/d0x0/D-Link-DIR-600M/blob/master/CVE-2019-13101"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/153994/D-Link-DIR-600M-Wireless-N-150-Home-Router-Access-Bypass.html"}, {"name": "20190809 Dlink-CVE-2019-13101", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2019/Aug/5"}, {"name": "20190813 Dlink-CVE-2019-13101", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "https://seclists.org/bugtraq/2019/Aug/17"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-13101", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered on D-Link DIR-600M 3.02, 3.03, 3.04, and 3.06 devices. wan.htm can be accessed directly without authentication, which can lead to disclosure of information about the WAN, and can also be leveraged by an attacker to modify the data fields of the page."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgment_7-2-19.pdf", "refsource": "MISC", "url": "https://www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgment_7-2-19.pdf"}, {"name": "https://us.dlink.com/en/security-advisory", "refsource": "MISC", "url": "https://us.dlink.com/en/security-advisory"}, {"name": "https://github.com/d0x0/D-Link-DIR-600M/blob/master/CVE-2019-13101", "refsource": "MISC", "url": "https://github.com/d0x0/D-Link-DIR-600M/blob/master/CVE-2019-13101"}, {"name": "http://packetstormsecurity.com/files/153994/D-Link-DIR-600M-Wireless-N-150-Home-Router-Access-Bypass.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/153994/D-Link-DIR-600M-Wireless-N-150-Home-Router-Access-Bypass.html"}, {"name": "20190809 Dlink-CVE-2019-13101", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/Aug/5"}, {"name": "20190813 Dlink-CVE-2019-13101", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Aug/17"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T23:41:10.065Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgment_7-2-19.pdf"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://us.dlink.com/en/security-advisory"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/d0x0/D-Link-DIR-600M/blob/master/CVE-2019-13101"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/153994/D-Link-DIR-600M-Wireless-N-150-Home-Router-Access-Bypass.html"}, {"name": "20190809 Dlink-CVE-2019-13101", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2019/Aug/5"}, {"name": "20190813 Dlink-CVE-2019-13101", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "https://seclists.org/bugtraq/2019/Aug/17"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-13101", "datePublished": "2019-08-08T12:29:17", "dateReserved": "2019-06-30T00:00:00", "dateUpdated": "2024-08-04T23:41:10.065Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:dlink:dir-600m:-:*:*:*:*:*:*:*", "matchCriteriaId": "D17C8001-4987-4A70-84C8-5AFF6F196BFB", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:dlink:dir-600m_firmware:3.02:*:*:*:*:*:*:*", "matchCriteriaId": "0879455D-ADCB-4231-BFFA-57EFD2C70A17", "vulnerable": true}, {"criteria": "cpe:2.3:o:dlink:dir-600m_firmware:3.03:*:*:*:*:*:*:*", "matchCriteriaId": "7E4798A2-02E0-48CD-A928-6243871F591A", "vulnerable": true}, {"criteria": "cpe:2.3:o:dlink:dir-600m_firmware:3.04:*:*:*:*:*:*:*", "matchCriteriaId": "0B7D2E32-92FB-4F68-94A3-FA129A51604C", "vulnerable": true}, {"criteria": "cpe:2.3:o:dlink:dir-600m_firmware:3.06:*:*:*:*:*:*:*", "matchCriteriaId": "940132FF-C02A-42D9-B157-8FD7B5AF4ADA", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered on D-Link DIR-600M 3.02, 3.03, 3.04, and 3.06 devices. wan.htm can be accessed directly without authentication, which can lead to disclosure of information about the WAN, and can also be leveraged by an attacker to modify the data fields of the page."}, {"lang": "es", "value": "Se detecto un problema en los dispositivos D-Link DIR-600M versiones 3.02, 3.03, 3.04 y 3.06. Se puede acceder a wan.htm directamente sin autenticaci\u00f3n, lo que puede conducir a la divulgaci\u00f3n de informaci\u00f3n sobre la WAN, y tambi\u00e9n puede ser aprovechado por un atacante para modificar los campos de datos de la p\u00e1gina."}], "id": "CVE-2019-13101", "lastModified": "2021-04-23T15:17:22.567", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-08-08T13:15:12.407", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/153994/D-Link-DIR-600M-Wireless-N-150-Home-Router-Access-Bypass.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2019/Aug/5"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/d0x0/D-Link-DIR-600M/blob/master/CVE-2019-13101"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Aug/17"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://us.dlink.com/en/security-advisory"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgment_7-2-19.pdf"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "nvd@nist.gov", "type": "Primary"}]}