ID

VAR-201910-1280


CVE

CVE-2019-17353


TITLE

D-Link DIR-615 Authentication vulnerabilities in device firmware

Trust: 0.8

sources: JVNDB: JVNDB-2019-010636

DESCRIPTION

An issue discovered on D-Link DIR-615 devices with firmware version 20.05 and 20.07. wan.htm can be accessed directly without authentication, which can lead to disclosure of information about the WAN, and can also be leveraged by an attacker to modify the data fields of the page. D-Link DIR-615 There is an authentication vulnerability in the device firmware.Information may be obtained and information may be altered. D-Link DIR-615 is a wireless router from D-Link, Taiwan. The vulnerability stems from the lack of authentication measures or insufficient authentication strength in network systems or products

Trust: 2.34

sources: NVD: CVE-2019-17353 // JVNDB: JVNDB-2019-010636 // CNVD: CNVD-2020-22295 // VULHUB: VHN-149591 // VULMON: CVE-2019-17353

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-22295

AFFECTED PRODUCTS

vendor:d linkmodel:dir-615scope:eqversion:20.07

Trust: 1.4

vendor:d linkmodel:dir-615scope:eqversion:20.05

Trust: 1.4

vendor:dlinkmodel:dir-615scope:eqversion:20.05

Trust: 1.0

vendor:dlinkmodel:dir-615scope:eqversion:20.07

Trust: 1.0

sources: CNVD: CNVD-2020-22295 // JVNDB: JVNDB-2019-010636 // NVD: CVE-2019-17353

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-17353
value: HIGH

Trust: 1.0

NVD: CVE-2019-17353
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-22295
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201910-505
value: HIGH

Trust: 0.6

VULHUB: VHN-149591
value: MEDIUM

Trust: 0.1

VULMON: CVE-2019-17353
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-17353
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2020-22295
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-149591
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-17353
baseSeverity: HIGH
baseScore: 8.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 4.2
version: 3.1

Trust: 1.0

NVD: CVE-2019-17353
baseSeverity: HIGH
baseScore: 8.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-22295 // VULHUB: VHN-149591 // VULMON: CVE-2019-17353 // JVNDB: JVNDB-2019-010636 // CNNVD: CNNVD-201910-505 // NVD: CVE-2019-17353

PROBLEMTYPE DATA

problemtype:CWE-306

Trust: 1.1

problemtype:CWE-287

Trust: 0.9

sources: VULHUB: VHN-149591 // JVNDB: JVNDB-2019-010636 // NVD: CVE-2019-17353

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201910-505

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-201910-505

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-010636

PATCH

title:Security Bulletinurl:https://www.dlink.com/en/security-bulletin

Trust: 0.8

title:Responsible Security Issue Reporting and Responseurl:https://us.dlink.com/en/security-advisory

Trust: 0.8

sources: JVNDB: JVNDB-2019-010636

EXTERNAL IDS

db:NVDid:CVE-2019-17353

Trust: 3.2

db:JVNDBid:JVNDB-2019-010636

Trust: 0.8

db:CNVDid:CNVD-2020-22295

Trust: 0.7

db:CNNVDid:CNNVD-201910-505

Trust: 0.7

db:VULHUBid:VHN-149591

Trust: 0.1

db:VULMONid:CVE-2019-17353

Trust: 0.1

sources: CNVD: CNVD-2020-22295 // VULHUB: VHN-149591 // VULMON: CVE-2019-17353 // JVNDB: JVNDB-2019-010636 // CNNVD: CNNVD-201910-505 // NVD: CVE-2019-17353

REFERENCES

url:https://github.com/d0x0/d-link-dir-615/blob/master/cve-2019-17353

Trust: 2.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-17353

Trust: 2.0

url:https://us.dlink.com/en/security-advisory

Trust: 1.8

url:https://www.dlink.com/en/security-bulletin

Trust: 1.8

url:https://www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgment_7-2-19.pdf

Trust: 1.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-17353

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/306.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2020-22295 // VULHUB: VHN-149591 // VULMON: CVE-2019-17353 // JVNDB: JVNDB-2019-010636 // CNNVD: CNNVD-201910-505 // NVD: CVE-2019-17353

SOURCES

db:CNVDid:CNVD-2020-22295
db:VULHUBid:VHN-149591
db:VULMONid:CVE-2019-17353
db:JVNDBid:JVNDB-2019-010636
db:CNNVDid:CNNVD-201910-505
db:NVDid:CVE-2019-17353

LAST UPDATE DATE

2024-11-23T22:58:29.623000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2020-22295date:2020-04-11T00:00:00
db:VULHUBid:VHN-149591date:2020-08-24T00:00:00
db:VULMONid:CVE-2019-17353date:2021-04-23T00:00:00
db:JVNDBid:JVNDB-2019-010636date:2019-10-18T00:00:00
db:CNNVDid:CNNVD-201910-505date:2020-10-28T00:00:00
db:NVDid:CVE-2019-17353date:2024-11-21T04:32:09.230

SOURCES RELEASE DATE

db:CNVDid:CNVD-2020-22295date:2020-04-11T00:00:00
db:VULHUBid:VHN-149591date:2019-10-09T00:00:00
db:VULMONid:CVE-2019-17353date:2019-10-09T00:00:00
db:JVNDBid:JVNDB-2019-010636date:2019-10-18T00:00:00
db:CNNVDid:CNNVD-201910-505date:2019-10-09T00:00:00
db:NVDid:CVE-2019-17353date:2019-10-09T12:15:10.467