ID

VAR-201908-0438


CVE

CVE-2019-13101


TITLE

Authentication vulnerabilities in D-Link DIR-600M devices

Trust: 0.8

sources: JVNDB: JVNDB-2019-007619

DESCRIPTION

An issue was discovered on D-Link DIR-600M 3.02, 3.03, 3.04, and 3.06 devices. wan.htm can be accessed directly without authentication, which can lead to disclosure of information about the WAN, and can also be leveraged by an attacker to modify the data fields of the page. D-Link DIR-600M devices contain an authentication vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). D-Link DIR-600M is a wireless router from Taiwan D-Link. A security vulnerability exists in D-Link DIR-600M, which originates from the fact that users can directly access the wan.htm file without authentication.

Trust: 2.34

sources: NVD: CVE-2019-13101 // JVNDB: JVNDB-2019-007619 // CNVD: CNVD-2019-39562 // VULHUB: VHN-144914 // VULMON: CVE-2019-13101

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-39562

AFFECTED PRODUCTS

vendor: d link, model: dir-600m, scope: eq, version: 3.02

Trust: 1.4

vendor: d link, model: dir-600m, scope: eq, version: 3.03

Trust: 1.4

vendor: d link, model: dir-600m, scope: eq, version: 3.04

Trust: 1.4

vendor: d link, model: dir-600m, scope: eq, version: 3.06

Trust: 1.4

vendor: dlink, model: dir-600m, scope: eq, version: 3.03

Trust: 1.0

vendor: dlink, model: dir-600m, scope: eq, version: 3.02

Trust: 1.0

vendor: dlink, model: dir-600m, scope: eq, version: 3.06

Trust: 1.0

vendor: dlink, model: dir-600m, scope: eq, version: 3.04

Trust: 1.0

sources: CNVD: CNVD-2019-39562 // JVNDB: JVNDB-2019-007619 // NVD: CVE-2019-13101

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2019-13101
value: CRITICAL

Trust: 1.8

CNVD: CNVD-2019-39562
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201908-573
value: CRITICAL

Trust: 0.6

VULHUB: VHN-144914
value: HIGH

Trust: 0.1

VULMON: CVE-2019-13101
value: HIGH

Trust: 0.1

NVD:
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

NVD: CVE-2019-13101
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.9

CNVD: CNVD-2019-39562
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-144914
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

NVD:
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-13101
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-39562 // VULHUB: VHN-144914 // VULMON: CVE-2019-13101 // JVNDB: JVNDB-2019-007619 // CNNVD: CNNVD-201908-573 // NVD: CVE-2019-13101

PROBLEMTYPE DATA

problemtype:CWE-306

Trust: 1.1

problemtype:CWE-287

Trust: 0.9

sources: VULHUB: VHN-144914 // JVNDB: JVNDB-2019-007619 // NVD: CVE-2019-13101

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201908-573

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-201908-573

CONFIGURATIONS

sources: NVD: CVE-2019-13101

EXPLOIT AVAILABILITY

sources: VULMON: CVE-2019-13101

PATCH

title: Security Advisory, url: https://us.dlink.com/en/security-advisory

Trust: 0.8

title: D-Link-DIR-600M / CVE-2019-13101, url: https://github.com/d0x0/d-link-dir-600m/blob/master/cve-2019-13101

Trust: 0.8

title: DLKPloiT600.py, url: https://github.com/halencarjunior/dlkploit600

Trust: 0.1

title: scalpel🗡 Disclaimer / Detection modules / Features / Quick start / POC-related / Feedback / Related resources, url: https://github.com/starcrossportal/scalpel

Trust: 0.1

title: PoC in GitHub, url: https://github.com/developer3000s/poc-in-github

Trust: 0.1

title: PoC in GitHub, url: https://github.com/hectorgie/poc-in-github

Trust: 0.1

title: PoC in GitHub, url: https://github.com/0xt11/cve-poc

Trust: 0.1

title: Kenzer Templates [5170] [DEPRECATED], url: https://github.com/arpsyndicate/kenzer-templates

Trust: 0.1

sources: VULMON: CVE-2019-13101 // JVNDB: JVNDB-2019-007619

EXTERNAL IDS

db: NVD, id: CVE-2019-13101

Trust: 3.2

db: PACKETSTORM, id: 153994

Trust: 2.4

db: JVNDB, id: JVNDB-2019-007619

Trust: 0.8

db: CNNVD, id: CNNVD-201908-573

Trust: 0.7

db: EXPLOIT-DB, id: 47250

Trust: 0.7

db: CNVD, id: CNVD-2019-39562

Trust: 0.6

db: VULHUB, id: VHN-144914

Trust: 0.1

db: VULMON, id: CVE-2019-13101

Trust: 0.1

sources: CNVD: CNVD-2019-39562 // VULHUB: VHN-144914 // VULMON: CVE-2019-13101 // JVNDB: JVNDB-2019-007619 // CNNVD: CNNVD-201908-573 // NVD: CVE-2019-13101

REFERENCES

url:http://packetstormsecurity.com/files/153994/d-link-dir-600m-wireless-n-150-home-router-access-bypass.html

Trust: 3.0

url:https://nvd.nist.gov/vuln/detail/cve-2019-13101

Trust: 2.0

url:https://seclists.org/bugtraq/2019/aug/17

Trust: 1.8

url:http://seclists.org/fulldisclosure/2019/aug/5

Trust: 1.8

url:https://github.com/d0x0/d-link-dir-600m/blob/master/cve-2019-13101

Trust: 1.8

url:https://us.dlink.com/en/security-advisory

Trust: 1.8

url:https://www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgment_7-2-19.pdf

Trust: 1.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13101

Trust: 0.8

url:https://www.exploit-db.com/exploits/47250

Trust: 0.7

url:https://cwe.mitre.org/data/definitions/306.html

Trust: 0.1

url:https://github.com/halencarjunior/dlkploit600

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2019-39562 // VULHUB: VHN-144914 // VULMON: CVE-2019-13101 // JVNDB: JVNDB-2019-007619 // CNNVD: CNNVD-201908-573 // NVD: CVE-2019-13101

CREDITS

Devendra Singh Solanki, Devendra Solanki

Trust: 0.6

sources: CNNVD: CNNVD-201908-573

SOURCES

db: CNVD, id: CNVD-2019-39562
db: VULHUB, id: VHN-144914
db: VULMON, id: CVE-2019-13101
db: JVNDB, id: JVNDB-2019-007619
db: CNNVD, id: CNNVD-201908-573
db: NVD, id: CVE-2019-13101

LAST UPDATE DATE

2024-02-13T23:02:49.109000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2019-39562, date: 2019-11-07T00:00:00
db: VULHUB, id: VHN-144914, date: 2020-08-24T00:00:00
db: VULMON, id: CVE-2019-13101, date: 2021-04-23T00:00:00
db: JVNDB, id: JVNDB-2019-007619, date: 2019-08-16T00:00:00
db: CNNVD, id: CNNVD-201908-573, date: 2021-04-25T00:00:00
db: NVD, id: CVE-2019-13101, date: 2021-04-23T15:17:22.567

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2019-39562, date: 2019-11-07T00:00:00
db: VULHUB, id: VHN-144914, date: 2019-08-08T00:00:00
db: VULMON, id: CVE-2019-13101, date: 2019-08-08T00:00:00
db: JVNDB, id: JVNDB-2019-007619, date: 2019-08-16T00:00:00
db: CNNVD, id: CNNVD-201908-573, date: 2019-08-08T00:00:00
db: NVD, id: CVE-2019-13101, date: 2019-08-08T13:15:12.407