Sign-up

ID

VAR-201907-1180


CVE

CVE-2019-1010156


TITLE

D-Link DSL-2750U Firmware authentication vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-006707

DESCRIPTION

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-1010155. Reason: This candidate is a duplicate of CVE-2019-1010155. Notes: All CVE users should reference CVE-2019-1010155 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. D-Link DSL-2750U There are authentication vulnerabilities in the firmware.Information is obtained and service operation is interrupted (DoS) There is a possibility of being put into a state. D-LinkDSL-2750U is a wireless router from D-Link Corporation of Taiwan, China. An authentication bypass vulnerability exists in the login form in D-Link DSL-2750U using firmware version 1.11. An attacker could exploit the vulnerability to cause a denial of service and to disclose information. D-Link DSL-2750U is prone to multiple authentication-bypass vulnerabilities. An attacker can exploit these issues to bypass authentication mechanism and perform unauthorized actions. This may lead to further attacks. D-Link DSL-2750U Router 1.11 is vulnerable; other versions may also be affected

Trust: 2.52

sources: NVD: CVE-2019-1010156 // JVNDB: JVNDB-2019-006707 // CNVD: CNVD-2019-24562 // BID: 109351 // VULHUB: VHN-141432

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-24562

AFFECTED PRODUCTS

vendor:d linkmodel:dsl-2750uscope:eqversion:1.11

Trust: 1.1

vendor:dlinkmodel:d-link dsl-2750uscope:eqversion:1.11

Trust: 0.6

sources: CNVD: CNVD-2019-24562 // BID: 109351 // JVNDB: JVNDB-2019-006707

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2019-1010156
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2019-24562
value: MEDIUM

Trust: 0.6

NVD: CVE-2019-1010156
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2019-24562
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

NVD: CVE-2019-1010156
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-24562 // JVNDB: JVNDB-2019-006707

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 0.9

sources: VULHUB: VHN-141432 // JVNDB: JVNDB-2019-006707

THREAT TYPE

network

Trust: 0.3

sources: BID: 109351

TYPE

Input Validation Error

Trust: 0.3

sources: BID: 109351

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-006707

PATCH
title:Top Pageurl:https://us.dlink.com/en/consumer
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-006707

EXTERNAL IDS
db:NVDid:CVE-2019-1010156
Trust: 2.8
db:BIDid:109351
Trust: 1.7
db:JVNDBid:JVNDB-2019-006707
Trust: 0.8
db:CNVDid:CNVD-2019-24562
Trust: 0.6
db:VULHUBid:VHN-141432
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-24562 // 
            
            
            
            VULHUB: VHN-141432 // 
            
            
            
            BID: 109351 // 
            
            
            
            JVNDB: JVNDB-2019-006707 // 
            
            
            
            NVD: CVE-2019-1010156

REFERENCES
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1010156
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-1010156
Trust: 0.8
url:http://www.securityfocus.com/bid/109351
Trust: 0.8
url:https://youtu.be/bqqbp2vn_wy
Trust: 0.6
url:http://www.dlink.com/
Trust: 0.3
url:https://www.tenable.com/cve/cve-2019-1010155
Trust: 0.3
url:https://www.tenable.com/cve/cve-2019-1010156
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2019-24562 // 
            
            
            
            BID: 109351 // 
            
            
            
            JVNDB: JVNDB-2019-006707

CREDITS
ADMIN_Joker
Trust: 0.3
sources:
            
            
            BID: 109351

SOURCES
db:CNVDid:CNVD-2019-24562
db:VULHUBid:VHN-141432
db:BIDid:109351
db:JVNDBid:JVNDB-2019-006707
db:NVDid:CVE-2019-1010156

LAST UPDATE DATE
2024-08-14T13:26:07.632000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-24562date:2019-07-29T00:00:00
db:VULHUBid:VHN-141432date:2019-07-29T00:00:00
db:BIDid:109351date:2019-07-23T00:00:00
db:JVNDBid:JVNDB-2019-006707date:2019-07-25T00:00:00
db:NVDid:CVE-2019-1010156date:2023-11-07T03:02:17.007

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-24562date:2019-07-29T00:00:00
db:VULHUBid:VHN-141432date:2019-07-23T00:00:00
db:BIDid:109351date:2019-07-23T00:00:00
db:JVNDBid:JVNDB-2019-006707date:2019-07-25T00:00:00
db:NVDid:CVE-2019-1010156date:2019-07-23T14:15:12.687