CVE-2019-13101

{"id": "CVE-2019-13101", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2019-08-08T13:15:12.407", "references": [{"url": "http://packetstormsecurity.com/files/153994/D-Link-DIR-600M-Wireless-N-150-Home-Router-Access-Bypass.html", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://seclists.org/fulldisclosure/2019/Aug/5", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/d0x0/D-Link-DIR-600M/blob/master/CVE-2019-13101", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://seclists.org/bugtraq/2019/Aug/17", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://us.dlink.com/en/security-advisory", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgment_7-2-19.pdf", "tags": ["Third Party Advisory", "US Government Resource"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-306"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered on D-Link DIR-600M 3.02, 3.03, 3.04, and 3.06 devices. wan.htm can be accessed directly without authentication, which can lead to disclosure of information about the WAN, and can also be leveraged by an attacker to modify the data fields of the page."}, {"lang": "es", "value": "Se detecto un problema en los dispositivos D-Link DIR-600M versiones 3.02, 3.03, 3.04 y 3.06. Se puede acceder a wan.htm directamente sin autenticaci\u00f3n, lo que puede conducir a la divulgaci\u00f3n de informaci\u00f3n sobre la WAN, y tambi\u00e9n puede ser aprovechado por un atacante para modificar los campos de datos de la p\u00e1gina."}], "lastModified": "2021-04-23T15:17:22.567", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dlink:dir-600m:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D17C8001-4987-4A70-84C8-5AFF6F196BFB"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dlink:dir-600m_firmware:3.02:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0879455D-ADCB-4231-BFFA-57EFD2C70A17"}, {"criteria": "cpe:2.3:o:dlink:dir-600m_firmware:3.03:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7E4798A2-02E0-48CD-A928-6243871F591A"}, {"criteria": "cpe:2.3:o:dlink:dir-600m_firmware:3.04:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0B7D2E32-92FB-4F68-94A3-FA129A51604C"}, {"criteria": "cpe:2.3:o:dlink:dir-600m_firmware:3.06:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "940132FF-C02A-42D9-B157-8FD7B5AF4ADA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}