Sign-up

ID

VAR-201908-0586


CVE

CVE-2019-13265


TITLE

D-link DIR-825AC G1 Device access control vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-008738

DESCRIPTION

D-link DIR-825AC G1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. They forward ARP requests, which are sent as broadcast packets, between the host and the guest networks. To use this leakage as a direct covert channel, the sender can trivially issue an ARP request to an arbitrary computer on the network. (In general, some routers restrict ARP forwarding only to requests destined for the network's subnet mask, but these routers did not restrict this traffic in any way. Depending on this factor, one must use either the lower 8 bits of the IP address, or the entire 32 bits, as the data payload.). D-link DIR-825AC G1 The device contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. D-Link DIR-825 is an AC 1200 Wi-Fi dual-band Gigabit (LAN / WAN) router. A security vulnerability exists in D-link DIR-825AC G1. D-Link D-link DIR-825AC G1 is a wireless router made by Taiwan D-Link Company

Trust: 2.25

sources: NVD: CVE-2019-13265 // JVNDB: JVNDB-2019-008738 // CNVD: CNVD-2019-39565 // VULHUB: VHN-145094

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-39565

AFFECTED PRODUCTS

vendor:dlinkmodel:dir-825\/ac g1scope:eqversion: -

Trust: 1.0

vendor:d linkmodel:dir-825/ac g1scope: - version: -

Trust: 0.8

vendor:d linkmodel:dir-825 g1scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2019-39565 // JVNDB: JVNDB-2019-008738 // NVD: CVE-2019-13265

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-13265
value: HIGH

Trust: 1.0

NVD: CVE-2019-13265
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-39565
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201908-2076
value: HIGH

Trust: 0.6

VULHUB: VHN-145094
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-13265
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-39565
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-145094
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-13265
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-13265
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-39565 // VULHUB: VHN-145094 // JVNDB: JVNDB-2019-008738 // CNNVD: CNNVD-201908-2076 // NVD: CVE-2019-13265

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-284

Trust: 0.9

sources: VULHUB: VHN-145094 // JVNDB: JVNDB-2019-008738 // NVD: CVE-2019-13265

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201908-2076

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-201908-2076

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-008738

PATCH
title:Top Pageurl:https://www.dlink.com/en/consumer
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-008738

EXTERNAL IDS
db:NVDid:CVE-2019-13265
Trust: 3.1
db:JVNDBid:JVNDB-2019-008738
Trust: 0.8
db:CNNVDid:CNNVD-201908-2076
Trust: 0.7
db:CNVDid:CNVD-2019-39565
Trust: 0.6
db:VULHUBid:VHN-145094
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-39565 // 
            
            
            
            VULHUB: VHN-145094 // 
            
            
            
            JVNDB: JVNDB-2019-008738 // 
            
            
            
            CNNVD: CNNVD-201908-2076 // 
            
            
            
            NVD: CVE-2019-13265

REFERENCES
url:https://www.usenix.org/system/files/woot19-paper_ovadia.pdf
Trust: 2.5
url:https://nvd.nist.gov/vuln/detail/cve-2019-13265
Trust: 2.0
url:https://orenlab.sise.bgu.ac.il/publications/crossrouter
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13265
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2019-39565 // 
            
            
            
            VULHUB: VHN-145094 // 
            
            
            
            JVNDB: JVNDB-2019-008738 // 
            
            
            
            CNNVD: CNNVD-201908-2076 // 
            
            
            
            NVD: CVE-2019-13265

SOURCES
db:CNVDid:CNVD-2019-39565
db:VULHUBid:VHN-145094
db:JVNDBid:JVNDB-2019-008738
db:CNNVDid:CNNVD-201908-2076
db:NVDid:CVE-2019-13265

LAST UPDATE DATE
2024-11-23T22:37:44.810000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-39565date:2019-11-07T00:00:00
db:VULHUBid:VHN-145094date:2020-08-24T00:00:00
db:JVNDBid:JVNDB-2019-008738date:2019-09-05T00:00:00
db:CNNVDid:CNNVD-201908-2076date:2020-08-25T00:00:00
db:NVDid:CVE-2019-13265date:2024-11-21T04:24:34.763

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-39565date:2019-11-07T00:00:00
db:VULHUBid:VHN-145094date:2019-08-27T00:00:00
db:JVNDBid:JVNDB-2019-008738date:2019-09-05T00:00:00
db:CNNVDid:CNNVD-201908-2076date:2019-08-27T00:00:00
db:NVDid:CVE-2019-13265date:2019-08-27T18:15:10.780