Sign-up

ID

VAR-201907-1179


CVE

CVE-2019-1010155


TITLE

D-Link DSL-2750U Authentication vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-006706

DESCRIPTION

D-Link DSL-2750U 1.11 is affected by: Authentication Bypass. The impact is: denial of service and information leakage. The component is: login. NOTE: Third parties dispute this issues as not being a vulnerability because although the wizard is accessible without authentication, it can't actually configure anything. Thus, there is no denial of service or information leakage. D-Link DSL-2750U Contains an authentication vulnerability.Information is obtained and service operation is interrupted (DoS) There is a possibility of being put into a state. D-Link DSL-2750U is a wireless router from Taiwan D-Link. D-Link DSL-2750U is prone to multiple authentication-bypass vulnerabilities. An attacker can exploit these issues to bypass authentication mechanism and perform unauthorized actions. This may lead to further attacks. D-Link DSL-2750U Router 1.11 is vulnerable; other versions may also be affected

Trust: 2.52

sources: NVD: CVE-2019-1010155 // JVNDB: JVNDB-2019-006706 // CNVD: CNVD-2019-39564 // BID: 109351 // VULHUB: VHN-141431

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-39564

AFFECTED PRODUCTS

vendor:d linkmodel:dsl-2750uscope:eqversion:1.11

Trust: 1.7

vendor:dlinkmodel:dsl-2750uscope:eqversion:1.11

Trust: 1.0

sources: CNVD: CNVD-2019-39564 // BID: 109351 // JVNDB: JVNDB-2019-006706 // NVD: CVE-2019-1010155

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1010155
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-1010155
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2019-39564
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201907-1275
value: CRITICAL

Trust: 0.6

VULHUB: VHN-141431
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-1010155
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-39564
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-141431
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-1010155
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: CVE-2019-1010155
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-39564 // VULHUB: VHN-141431 // JVNDB: JVNDB-2019-006706 // CNNVD: CNNVD-201907-1275 // NVD: CVE-2019-1010155

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-287

Trust: 0.9

sources: VULHUB: VHN-141431 // JVNDB: JVNDB-2019-006706 // NVD: CVE-2019-1010155

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201907-1275

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201907-1275

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-006706

PATCH
title:Top Pageurl:https://us.dlink.com/en/consumer
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-006706

EXTERNAL IDS
db:NVDid:CVE-2019-1010155
Trust: 3.4
db:BIDid:109351
Trust: 2.8
db:CXSECURITYid:WLB-2018080199
Trust: 2.3
db:JVNDBid:JVNDB-2019-006706
Trust: 0.8
db:CNNVDid:CNNVD-201907-1275
Trust: 0.7
db:CNVDid:CNVD-2019-39564
Trust: 0.6
db:VULHUBid:VHN-141431
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-39564 // 
            
            
            
            VULHUB: VHN-141431 // 
            
            
            
            BID: 109351 // 
            
            
            
            JVNDB: JVNDB-2019-006706 // 
            
            
            
            CNNVD: CNNVD-201907-1275 // 
            
            
            
            NVD: CVE-2019-1010155

REFERENCES
url:http://www.securityfocus.com/bid/109351
Trust: 3.1
url:https://cxsecurity.com/issue/wlb-2018080199
Trust: 2.3
url:https://www.youtube.com/watch?v=7sk6agpca_s
Trust: 1.7
url:https://youtu.be/bqqbp2vn_wy
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2019-1010155
Trust: 1.4
url:http://www.dlink.com/
Trust: 0.9
url:https://www.tenable.com/cve/cve-2019-1010155
Trust: 0.9
url:https://www.tenable.com/cve/cve-2019-1010156
Trust: 0.9
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1010155
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2019-39564 // 
            
            
            
            VULHUB: VHN-141431 // 
            
            
            
            BID: 109351 // 
            
            
            
            JVNDB: JVNDB-2019-006706 // 
            
            
            
            CNNVD: CNNVD-201907-1275 // 
            
            
            
            NVD: CVE-2019-1010155

CREDITS
ADMIN_Joker
Trust: 0.9
sources:
            
            
            BID: 109351 // 
            
            
            
            CNNVD: CNNVD-201907-1275

SOURCES
db:CNVDid:CNVD-2019-39564
db:VULHUBid:VHN-141431
db:BIDid:109351
db:JVNDBid:JVNDB-2019-006706
db:CNNVDid:CNNVD-201907-1275
db:NVDid:CVE-2019-1010155

LAST UPDATE DATE
2024-08-14T13:26:07.659000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-39564date:2019-11-07T00:00:00
db:VULHUBid:VHN-141431date:2023-03-01T00:00:00
db:BIDid:109351date:2019-07-23T00:00:00
db:JVNDBid:JVNDB-2019-006706date:2019-07-25T00:00:00
db:CNNVDid:CNNVD-201907-1275date:2020-08-25T00:00:00
db:NVDid:CVE-2019-1010155date:2024-08-05T03:15:25.750

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-39564date:2019-11-07T00:00:00
db:VULHUBid:VHN-141431date:2019-07-23T00:00:00
db:BIDid:109351date:2019-07-23T00:00:00
db:JVNDBid:JVNDB-2019-006706date:2019-07-25T00:00:00
db:CNNVDid:CNNVD-201907-1275date:2019-07-23T00:00:00
db:NVDid:CVE-2019-1010155date:2019-07-23T14:15:12.623