Vulnerability Details : CVE-2019-17353
An issue discovered on D-Link DIR-615 devices with firmware version 20.05 and 20.07. wan.htm can be accessed directly without authentication, which can lead to disclosure of information about the WAN, and can also be leveraged by an attacker to modify the data fields of the page.
Products affected by CVE-2019-17353
- cpe:2.3:o:dlink:dir-615_firmware:20.07:*:*:*:*:*:*:*
- cpe:2.3:o:dlink:dir-615_firmware:20.05:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-17353
0.63%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 68 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-17353
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
6.4
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:P/A:N |
10.0
|
4.9
|
NIST | |
|
8.2
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N |
3.9
|
4.2
|
NIST |
CWE ids for CVE-2019-17353
-
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-17353
-
https://github.com/d0x0/D-Link-DIR-615/blob/master/CVE-2019-17353
D-Link-DIR-615/CVE-2019-17353 at master · d0x0/D-Link-DIR-615 · GitHubThird Party Advisory
-
https://us.dlink.com/en/security-advisory
Security Advisory | D-LinkVendor Advisory
-
https://www.dlink.com/en/security-bulletin
Security Bulletin | D-LinkVendor Advisory
-
https://www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgment_7-2-19.pdf
Third Party Advisory;US Government Resource
Jump to