Sign-up

ID

VAR-201902-0161


CVE

CVE-2019-7388


TITLE

D-Link DIR-823G Vulnerability related to access control in device firmware

Trust: 0.8

sources: JVNDB: JVNDB-2019-001638

DESCRIPTION

An issue was discovered in /bin/goahead on D-Link DIR-823G devices with firmware 1.02B03. There is incorrect access control allowing remote attackers to get sensitive information (such as MAC address) about all clients in the WLAN via the GetClientInfo HNAP API. Consequently, an attacker can achieve information disclosure without authentication. D-Link DIR-823G There is an access control vulnerability in the device firmware.Information may be obtained. D-LinkDIR-823G is a wireless router from D-Link Corporation of Taiwan, China. D-Link DIR-823G Router is prone to an information-disclosure vulnerability

Trust: 2.61

sources: NVD: CVE-2019-7388 // JVNDB: JVNDB-2019-001638 // CNVD: CNVD-2019-24559 // BID: 106852 // VULHUB: VHN-158823 // VULMON: CVE-2019-7388

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-24559

AFFECTED PRODUCTS

vendor:dlinkmodel:dir-823gscope:eqversion:1.02b03

Trust: 1.1

vendor:d linkmodel:dir-823g 1.02b03scope: - version: -

Trust: 0.9

vendor:d linkmodel:dir-823gscope:eqversion:1.02b03

Trust: 0.8

sources: CNVD: CNVD-2019-24559 // VULMON: CVE-2019-7388 // BID: 106852 // JVNDB: JVNDB-2019-001638 // NVD: CVE-2019-7388

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-7388
value: HIGH

Trust: 1.0

NVD: CVE-2019-7388
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-24559
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201902-050
value: HIGH

Trust: 0.6

VULHUB: VHN-158823
value: MEDIUM

Trust: 0.1

VULMON: CVE-2019-7388
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-7388
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2019-24559
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-158823
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-7388
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2019-24559 // VULHUB: VHN-158823 // VULMON: CVE-2019-7388 // JVNDB: JVNDB-2019-001638 // CNNVD: CNNVD-201902-050 // NVD: CVE-2019-7388

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.1

problemtype:CWE-284

Trust: 0.9

sources: VULHUB: VHN-158823 // JVNDB: JVNDB-2019-001638 // NVD: CVE-2019-7388

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201902-050

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201902-050

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-001638

PATCH
title:Top Pageurl:http://www.dlink.lt/en/
Trust: 0.8
title:D-Linkurl:https://github.com/leonW7/D-Link 
Trust: 0.1
sources:
            
            
            VULMON: CVE-2019-7388 // 
            
            
            
            JVNDB: JVNDB-2019-001638

EXTERNAL IDS
db:NVDid:CVE-2019-7388
Trust: 3.5
db:BIDid:106852
Trust: 2.7
db:JVNDBid:JVNDB-2019-001638
Trust: 0.8
db:CNNVDid:CNNVD-201902-050
Trust: 0.7
db:CNVDid:CNVD-2019-24559
Trust: 0.6
db:VULHUBid:VHN-158823
Trust: 0.1
db:VULMONid:CVE-2019-7388
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-24559 // 
            
            
            
            VULHUB: VHN-158823 // 
            
            
            
            VULMON: CVE-2019-7388 // 
            
            
            
            BID: 106852 // 
            
            
            
            JVNDB: JVNDB-2019-001638 // 
            
            
            
            CNNVD: CNNVD-201902-050 // 
            
            
            
            NVD: CVE-2019-7388

REFERENCES
url:https://github.com/leonw7/d-link/blob/master/vul_3.md
Trust: 2.9
url:http://www.securityfocus.com/bid/106852
Trust: 2.5
url:https://nvd.nist.gov/vuln/detail/cve-2019-7388
Trust: 2.0
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-7388
Trust: 0.8
url:https://github.com/leonw7/d-link/blob/master/vul_3.mdexploitthird party advisory
Trust: 0.6
url:http://www.securityfocus.com/bid/106852third party advisory
Trust: 0.6
url:http://www.dlink.com/
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/284.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-24559 // 
            
            
            
            VULHUB: VHN-158823 // 
            
            
            
            VULMON: CVE-2019-7388 // 
            
            
            
            BID: 106852 // 
            
            
            
            JVNDB: JVNDB-2019-001638 // 
            
            
            
            CNNVD: CNNVD-201902-050 // 
            
            
            
            NVD: CVE-2019-7388

CREDITS
David Chen
Trust: 0.9
sources:
            
            
            BID: 106852 // 
            
            
            
            CNNVD: CNNVD-201902-050

SOURCES
db:CNVDid:CNVD-2019-24559
db:VULHUBid:VHN-158823
db:VULMONid:CVE-2019-7388
db:BIDid:106852
db:JVNDBid:JVNDB-2019-001638
db:CNNVDid:CNNVD-201902-050
db:NVDid:CVE-2019-7388

LAST UPDATE DATE
2024-11-23T22:06:20.594000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-24559date:2019-07-29T00:00:00
db:VULHUBid:VHN-158823date:2020-08-24T00:00:00
db:VULMONid:CVE-2019-7388date:2020-08-24T00:00:00
db:BIDid:106852date:2019-02-01T00:00:00
db:JVNDBid:JVNDB-2019-001638date:2019-03-19T00:00:00
db:CNNVDid:CNNVD-201902-050date:2020-08-25T00:00:00
db:NVDid:CVE-2019-7388date:2024-11-21T04:48:07.540

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-24559date:2019-07-29T00:00:00
db:VULHUBid:VHN-158823date:2019-02-05T00:00:00
db:VULMONid:CVE-2019-7388date:2019-02-05T00:00:00
db:BIDid:106852date:2019-02-01T00:00:00
db:JVNDBid:JVNDB-2019-001638date:2019-03-19T00:00:00
db:CNNVDid:CNNVD-201902-050date:2019-02-01T00:00:00
db:NVDid:CVE-2019-7388date:2019-02-05T00:29:00.277