CVE-2019-17506 - OpenCVE

There are some web interfaces without authentication requirements on D-Link DIR-868L B1-2.03 and DIR-817LW A1-1.04 routers. An attacker can get the router's username and password (and other information) via a DEVICE.ACCOUNT value for SERVICES in conjunction with AUTHORIZED_GROUP=1%0a to getcfg.php. This could be used to control the router remotely.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Dlink	Dir-817lw A1 Dir-817lw A1 Firmware Dir-868l B1 Dir-868l B1 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:dlink:dir-868l_b1_firmware:2.03:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dir-868l_b1:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:dlink:dir-817lw_a1_firmware:1.04:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dir-817lw_a1:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/dahua966/Routers-vuls/blob/master/DIR-868/name%26passwd.py

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-10-11T19:29:43

Updated: 2024-08-05T01:40:15.762Z

Reserved: 2019-10-11T00:00:00

Link: CVE-2019-17506

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-10-11T20:15:17.003

Modified: 2020-08-24T17:37:01.140

Link: CVE-2019-17506

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "There are some web interfaces without authentication requirements on D-Link DIR-868L B1-2.03 and DIR-817LW A1-1.04 routers. An attacker can get the router's username and password (and other information) via a DEVICE.ACCOUNT value for SERVICES in conjunction with AUTHORIZED_GROUP=1%0a to getcfg.php. This could be used to control the router remotely."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-10-30T14:06:49", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/dahua966/Routers-vuls/blob/master/DIR-868/name%26passwd.py"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-17506", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "There are some web interfaces without authentication requirements on D-Link DIR-868L B1-2.03 and DIR-817LW A1-1.04 routers. An attacker can get the router's username and password (and other information) via a DEVICE.ACCOUNT value for SERVICES in conjunction with AUTHORIZED_GROUP=1%0a to getcfg.php. This could be used to control the router remotely."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/dahua966/Routers-vuls/blob/master/DIR-868/name%26passwd.py", "refsource": "MISC", "url": "https://github.com/dahua966/Routers-vuls/blob/master/DIR-868/name%26passwd.py"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T01:40:15.762Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/dahua966/Routers-vuls/blob/master/DIR-868/name%26passwd.py"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-17506", "datePublished": "2019-10-11T19:29:43", "dateReserved": "2019-10-11T00:00:00", "dateUpdated": "2024-08-05T01:40:15.762Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dlink:dir-868l_b1_firmware:2.03:*:*:*:*:*:*:*", "matchCriteriaId": "07DF1781-7AF4-4A24-818B-67862F593358", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dlink:dir-868l_b1:-:*:*:*:*:*:*:*", "matchCriteriaId": "0DBAAA87-BE50-4587-A1A9-D6E246A4CDBA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dlink:dir-817lw_a1_firmware:1.04:*:*:*:*:*:*:*", "matchCriteriaId": "BB6A4316-EE54-4DA5-AB8F-6B8B41306DB1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dlink:dir-817lw_a1:-:*:*:*:*:*:*:*", "matchCriteriaId": "D68A181F-4862-4CCA-9519-37D0E3AFAF12", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "There are some web interfaces without authentication requirements on D-Link DIR-868L B1-2.03 and DIR-817LW A1-1.04 routers. An attacker can get the router's username and password (and other information) via a DEVICE.ACCOUNT value for SERVICES in conjunction with AUTHORIZED_GROUP=1%0a to getcfg.php. This could be used to control the router remotely."}, {"lang": "es", "value": "Existen algunas interfaces web sin requisitos de autenticaci\u00f3n en los enrutadores D-Link DIR-868L B1-2.03 y DIR-817LW A1-1.04. Un atacante puede obtener el nombre de usuario y la contrase\u00f1a del enrutador (y otra informaci\u00f3n) mediante un valor DEVICE.ACCOUNT para SERVICIOS junto con AUTHORIZED_GROUP=1%0a en el archivo getcfg.php. Esto podr\u00eda ser usado para controlar el enrutador remotamente."}], "id": "CVE-2019-17506", "lastModified": "2020-08-24T17:37:01.140", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-10-11T20:15:17.003", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/dahua966/Routers-vuls/blob/master/DIR-868/name%26passwd.py"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "nvd@nist.gov", "type": "Primary"}]}