Details of VAR-201903-0482

ID

VAR-201903-0482

CVE

CVE-2019-7642

TITLE

plural D-Link Authentication vulnerabilities in products

Trust: 0.8

sources: JVNDB: JVNDB-2019-003086

DESCRIPTION

D-Link routers with the mydlink feature have some web interfaces without authentication requirements. An attacker can remotely obtain users' DNS query logs and login logs. Vulnerable targets include but are not limited to the latest firmware versions of DIR-817LW (A1-1.04), DIR-816L (B1-2.06), DIR-816 (B1-2.06?), DIR-850L (A1-1.09), and DIR-868L (A1-1.10). plural D-Link The product contains authentication vulnerabilities.Information may be obtained. D-Link is a company specializing in the design and development of computer network equipment. D-LinkDIR-817LW is a wireless router from D-Link of Taiwan, China. An information disclosure vulnerability exists in the D-Link router. D-Link DIR-817LW, etc. The following products are affected: D-Link DIR-817LW (A1-1.04); DIR-816L (B1-2.06); DIR-816 (B1-2.06); DIR-850L (A1-1.09); 1.10)

Trust: 2.34

sources: NVD: CVE-2019-7642 // JVNDB: JVNDB-2019-003086 // CNVD: CNVD-2019-23343 // VULHUB: VHN-159077 // VULMON: CVE-2019-7642

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2019-23343

AFFECTED PRODUCTS

vendor:	dlink	model:	dir-816	scope:	eq	version:	2.06	Trust: 1.0
vendor:	dlink	model:	dir-868l	scope:	eq	version:	1.10	Trust: 1.0
vendor:	dlink	model:	dir-817lw	scope:	eq	version:	1.04	Trust: 1.0
vendor:	dlink	model:	dir-816l	scope:	eq	version:	2.06	Trust: 1.0
vendor:	dlink	model:	dir-850l	scope:	eq	version:	1.09	Trust: 1.0
vendor:	d link	model:	dir-816	scope:	-	version:	-	Trust: 0.8
vendor:	d link	model:	dir-816l	scope:	-	version:	-	Trust: 0.8
vendor:	d link	model:	dir-817lw	scope:	-	version:	-	Trust: 0.8
vendor:	d link	model:	dir-850l	scope:	-	version:	-	Trust: 0.8
vendor:	d link	model:	dir-868l	scope:	-	version:	-	Trust: 0.8
vendor:	d link	model:	dir-817lw a1-1.04	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2019-23343 // JVNDB: JVNDB-2019-003086 // NVD: CVE-2019-7642

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-7642
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-7642
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2019-23343
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201903-926
value:	HIGH
Trust: 0.6
VULHUB:	VHN-159077
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2019-7642
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-7642
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2019-23343
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-159077
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-7642
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2019-7642
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2019-23343 // VULHUB: VHN-159077 // VULMON: CVE-2019-7642 // JVNDB: JVNDB-2019-003086 // CNNVD: CNNVD-201903-926 // NVD: CVE-2019-7642

PROBLEMTYPE DATA

problemtype:	CWE-306	Trust: 1.1
problemtype:	CWE-287	Trust: 0.9

sources: VULHUB: VHN-159077 // JVNDB: JVNDB-2019-003086 // NVD: CVE-2019-7642

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201903-926

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-201903-926

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-003086

PATCH

title:	Top Page	url:	http://www.dlink.lt/en/	Trust: 0.8
title:	CVE-2019-7642	url:	https://github.com/xw77cve/cve	Trust: 0.1
title:	CVE-2019-7642	url:	https://github.com/xw77cve/CVE-2019-7642	Trust: 0.1
title:	PoC	url:	https://github.com/Jonathan-Elias/PoC	Trust: 0.1
title:	CVE-POC	url:	https://github.com/0xT11/CVE-POC	Trust: 0.1
title:	PoC-in-GitHub	url:	https://github.com/nomi-sec/PoC-in-GitHub	Trust: 0.1
title:	PoC-in-GitHub	url:	https://github.com/hectorgie/PoC-in-GitHub	Trust: 0.1

sources: VULMON: CVE-2019-7642 // JVNDB: JVNDB-2019-003086

EXTERNAL IDS

db:	NVD	id:	CVE-2019-7642	Trust: 3.2
db:	JVNDB	id:	JVNDB-2019-003086	Trust: 0.8
db:	CNNVD	id:	CNNVD-201903-926	Trust: 0.7
db:	CNVD	id:	CNVD-2019-23343	Trust: 0.6
db:	VULHUB	id:	VHN-159077	Trust: 0.1
db:	VULMON	id:	CVE-2019-7642	Trust: 0.1

sources: CNVD: CNVD-2019-23343 // VULHUB: VHN-159077 // VULMON: CVE-2019-7642 // JVNDB: JVNDB-2019-003086 // CNNVD: CNNVD-201903-926 // NVD: CVE-2019-7642

REFERENCES

url:	https://github.com/xw77cve/cve-2019-7642/blob/master/readme.md	Trust: 2.6
url:	https://nvd.nist.gov/vuln/detail/cve-2019-7642	Trust: 2.0
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-7642	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/306.html	Trust: 0.1
url:	https://github.com/xw77cve/cve	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/nomi-sec/poc-in-github	Trust: 0.1

sources: CNVD: CNVD-2019-23343 // VULHUB: VHN-159077 // VULMON: CVE-2019-7642 // JVNDB: JVNDB-2019-003086 // CNNVD: CNNVD-201903-926 // NVD: CVE-2019-7642

SOURCES

db:	CNVD	id:	CNVD-2019-23343
db:	VULHUB	id:	VHN-159077
db:	VULMON	id:	CVE-2019-7642
db:	JVNDB	id:	JVNDB-2019-003086
db:	CNNVD	id:	CNNVD-201903-926
db:	NVD	id:	CVE-2019-7642

LAST UPDATE DATE

2024-11-23T23:11:54.627000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-23343	date:	2019-07-19T00:00:00
db:	VULHUB	id:	VHN-159077	date:	2020-08-24T00:00:00
db:	VULMON	id:	CVE-2019-7642	date:	2021-04-23T00:00:00
db:	JVNDB	id:	JVNDB-2019-003086	date:	2019-05-09T00:00:00
db:	CNNVD	id:	CNNVD-201903-926	date:	2021-04-25T00:00:00
db:	NVD	id:	CVE-2019-7642	date:	2024-11-21T04:48:27.040

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-23343	date:	2019-07-18T00:00:00
db:	VULHUB	id:	VHN-159077	date:	2019-03-25T00:00:00
db:	VULMON	id:	CVE-2019-7642	date:	2019-03-25T00:00:00
db:	JVNDB	id:	JVNDB-2019-003086	date:	2019-05-09T00:00:00
db:	CNNVD	id:	CNNVD-201903-926	date:	2019-03-25T00:00:00
db:	NVD	id:	CVE-2019-7642	date:	2019-03-25T22:29:00.810