ID

VAR-201907-1179


CVE

CVE-2019-1010155


TITLE

D-Link DSL-2750U Authentication vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-006706

DESCRIPTION

D-Link DSL-2750U 1.11 is affected by: Authentication Bypass. The impact is: denial of service and information leakage. The component is: login. NOTE: Third parties dispute this issues as not being a vulnerability because although the wizard is accessible without authentication, it can't actually configure anything. Thus, there is no denial of service or information leakage. D-Link DSL-2750U Contains an authentication vulnerability.Information is obtained and service operation is interrupted (DoS) There is a possibility of being put into a state. D-Link DSL-2750U is a wireless router from Taiwan D-Link. D-Link DSL-2750U is prone to multiple authentication-bypass vulnerabilities. An attacker can exploit these issues to bypass authentication mechanism and perform unauthorized actions. This may lead to further attacks. D-Link DSL-2750U Router 1.11 is vulnerable; other versions may also be affected

Trust: 2.52

sources: NVD: CVE-2019-1010155 // JVNDB: JVNDB-2019-006706 // CNVD: CNVD-2019-39564 // BID: 109351 // VULHUB: VHN-141431

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-39564

AFFECTED PRODUCTS

vendor:d linkmodel:dsl-2750uscope:eqversion:1.11

Trust: 1.7

vendor:dlinkmodel:dsl-2750uscope:eqversion:1.11

Trust: 1.0

sources: CNVD: CNVD-2019-39564 // BID: 109351 // JVNDB: JVNDB-2019-006706 // NVD: CVE-2019-1010155

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1010155
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-1010155
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2019-39564
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201907-1275
value: CRITICAL

Trust: 0.6

VULHUB: VHN-141431
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-1010155
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-39564
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-141431
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-1010155
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: CVE-2019-1010155
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-39564 // VULHUB: VHN-141431 // JVNDB: JVNDB-2019-006706 // CNNVD: CNNVD-201907-1275 // NVD: CVE-2019-1010155

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-287

Trust: 0.9

sources: VULHUB: VHN-141431 // JVNDB: JVNDB-2019-006706 // NVD: CVE-2019-1010155

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201907-1275

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201907-1275

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-006706

PATCH

title:Top Pageurl:https://us.dlink.com/en/consumer

Trust: 0.8

sources: JVNDB: JVNDB-2019-006706

EXTERNAL IDS

db:NVDid:CVE-2019-1010155

Trust: 3.4

db:BIDid:109351

Trust: 2.8

db:CXSECURITYid:WLB-2018080199

Trust: 2.3

db:JVNDBid:JVNDB-2019-006706

Trust: 0.8

db:CNNVDid:CNNVD-201907-1275

Trust: 0.7

db:CNVDid:CNVD-2019-39564

Trust: 0.6

db:VULHUBid:VHN-141431

Trust: 0.1

sources: CNVD: CNVD-2019-39564 // VULHUB: VHN-141431 // BID: 109351 // JVNDB: JVNDB-2019-006706 // CNNVD: CNNVD-201907-1275 // NVD: CVE-2019-1010155

REFERENCES

url:http://www.securityfocus.com/bid/109351

Trust: 3.1

url:https://cxsecurity.com/issue/wlb-2018080199

Trust: 2.3

url:https://www.youtube.com/watch?v=7sk6agpca_s

Trust: 1.7

url:https://youtu.be/bqqbp2vn_wy

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-1010155

Trust: 1.4

url:http://www.dlink.com/

Trust: 0.9

url:https://www.tenable.com/cve/cve-2019-1010155

Trust: 0.9

url:https://www.tenable.com/cve/cve-2019-1010156

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1010155

Trust: 0.8

sources: CNVD: CNVD-2019-39564 // VULHUB: VHN-141431 // BID: 109351 // JVNDB: JVNDB-2019-006706 // CNNVD: CNNVD-201907-1275 // NVD: CVE-2019-1010155

CREDITS

ADMIN_Joker

Trust: 0.9

sources: BID: 109351 // CNNVD: CNNVD-201907-1275

SOURCES

db:CNVDid:CNVD-2019-39564
db:VULHUBid:VHN-141431
db:BIDid:109351
db:JVNDBid:JVNDB-2019-006706
db:CNNVDid:CNNVD-201907-1275
db:NVDid:CVE-2019-1010155

LAST UPDATE DATE

2024-08-14T13:26:07.659000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2019-39564date:2019-11-07T00:00:00
db:VULHUBid:VHN-141431date:2023-03-01T00:00:00
db:BIDid:109351date:2019-07-23T00:00:00
db:JVNDBid:JVNDB-2019-006706date:2019-07-25T00:00:00
db:CNNVDid:CNNVD-201907-1275date:2020-08-25T00:00:00
db:NVDid:CVE-2019-1010155date:2024-08-05T03:15:25.750

SOURCES RELEASE DATE

db:CNVDid:CNVD-2019-39564date:2019-11-07T00:00:00
db:VULHUBid:VHN-141431date:2019-07-23T00:00:00
db:BIDid:109351date:2019-07-23T00:00:00
db:JVNDBid:JVNDB-2019-006706date:2019-07-25T00:00:00
db:CNNVDid:CNNVD-201907-1275date:2019-07-23T00:00:00
db:NVDid:CVE-2019-1010155date:2019-07-23T14:15:12.623