ID

VAR-201912-0975


CVE

CVE-2019-16327


TITLE

Authentication vulnerability in D-Link DIR-601 devices

Trust: 0.8

sources: JVNDB: JVNDB-2019-013962

DESCRIPTION

D-Link DIR-601 B1 2.00NA devices are vulnerable to authentication bypass. They do not check for authentication at the server side and rely on client-side validation, which is bypassable. NOTE: this is an end-of-life product. The D-Link DIR-601 device contains an authentication vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. D-Link DIR-601 B1 is a wireless router from D-Link of Taiwan. The D-Link DIR-601 B1 2.00NA version has an authentication bypass vulnerability, which arises because the program performs authentication only on the client and fails to authenticate on the server. An attacker could use this vulnerability to bypass authentication and perform arbitrary actions.

Trust: 2.16

sources: NVD: CVE-2019-16327 // JVNDB: JVNDB-2019-013962 // CNVD: CNVD-2020-02551

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-02551

AFFECTED PRODUCTS

vendor: dlink, model: dir-601, scope: eq, version: 2.00na

Trust: 1.6

vendor: d link, model: dir-601, scope: eq, version: b1 2.00na

Trust: 0.8

vendor: youxun, model: technology dir-601 b1 2.00na, scope: -, version: -

Trust: 0.6

vendor: dlink, model: dir-601, scope: eq, version: b1

Trust: 0.6

sources: CNVD: CNVD-2020-02551 // JVNDB: JVNDB-2019-013962 // CNNVD: CNNVD-201912-1137 // NVD: CVE-2019-16327

CVSS

SEVERITY

nvd@nist.gov: CVE-2019-16327
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-16327
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2020-02551
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201912-1137
value: CRITICAL

Trust: 0.6

CVSSV2

nvd@nist.gov: CVE-2019-16327
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-02551
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

nvd@nist.gov: CVE-2019-16327
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-16327
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-02551 // JVNDB: JVNDB-2019-013962 // CNNVD: CNNVD-201912-1137 // NVD: CVE-2019-16327

PROBLEMTYPE DATA

problemtype: CWE-287

Trust: 1.8

sources: JVNDB: JVNDB-2019-013962 // NVD: CVE-2019-16327

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201912-1137

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201912-1137

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-013962

PATCH

title: DIR-601, url: https://support.dlink.com/ProductInfo.aspx?m=DIR-601

Trust: 0.8

sources: JVNDB: JVNDB-2019-013962

EXTERNAL IDS

db: NVD, id: CVE-2019-16327

Trust: 3.0

db: JVNDB, id: JVNDB-2019-013962

Trust: 0.8

db: CNVD, id: CNVD-2020-02551

Trust: 0.6

db: CNNVD, id: CNNVD-201912-1137

Trust: 0.6

sources: CNVD: CNVD-2020-02551 // JVNDB: JVNDB-2019-013962 // CNNVD: CNNVD-201912-1137 // NVD: CVE-2019-16327

REFERENCES

url: https://0x62626262.wordpress.com/2019/12/24/dlink-dir-601-router-authentication-bypass-and-csrf/

Trust: 2.4

url: https://nvd.nist.gov/vuln/detail/cve-2019-16327

Trust: 2.0

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-16327

Trust: 0.8

sources: CNVD: CNVD-2020-02551 // JVNDB: JVNDB-2019-013962 // CNNVD: CNNVD-201912-1137 // NVD: CVE-2019-16327

SOURCES

db: CNVD, id: CNVD-2020-02551
db: JVNDB, id: JVNDB-2019-013962
db: CNNVD, id: CNNVD-201912-1137
db: NVD, id: CVE-2019-16327

LAST UPDATE DATE

2024-11-23T21:36:22.455000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-02551, date: 2020-01-17T00:00:00
db: JVNDB, id: JVNDB-2019-013962, date: 2020-01-22T00:00:00
db: CNNVD, id: CNNVD-201912-1137, date: 2020-01-17T00:00:00
db: NVD, id: CVE-2019-16327, date: 2024-11-21T04:30:31.640

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-02551, date: 2020-01-27T00:00:00
db: JVNDB, id: JVNDB-2019-013962, date: 2020-01-22T00:00:00
db: CNNVD, id: CNNVD-201912-1137, date: 2019-12-26T00:00:00
db: NVD, id: CVE-2019-16327, date: 2019-12-26T18:15:10.627