Sign-up

ID

VAR-201912-1420


CVE

CVE-2019-19743


TITLE

D-Link DIR-615 Input Validation Error Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2020-01277 // CNNVD: CNNVD-201912-723

DESCRIPTION

On D-Link DIR-615 devices, a normal user is able to create a root(admin) user from the D-Link portal. D-Link DIR-615 The device contains an input validation vulnerability.Information may be tampered with. D-Link DIR-615 is a wireless router from Taiwan D-Link. An attacker could use this vulnerability to create a root (admin) user

Trust: 2.16

sources: NVD: CVE-2019-19743 // JVNDB: JVNDB-2019-013413 // CNVD: CNVD-2020-01277

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-01277

AFFECTED PRODUCTS

vendor:dlinkmodel:dir-615 t1scope:eqversion:20.07

Trust: 1.6

vendor:d linkmodel:dir-615scope: - version: -

Trust: 0.8

vendor:d linkmodel:dir-615scope:eqversion:20.07

Trust: 0.6

vendor:dlinkmodel:dir-615 t1scope:eqversion: -

Trust: 0.6

sources: CNVD: CNVD-2020-01277 // JVNDB: JVNDB-2019-013413 // NVD: CVE-2019-19743 // CNNVD: CNNVD-201912-723

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2019-19743
value: MEDIUM

Trust: 1.8

CNVD: CNVD-2020-01277
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201912-723
value: MEDIUM

Trust: 0.6

NVD:
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

NVD: CVE-2019-19743
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-01277
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

NVD:
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2019-19743
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-01277 // JVNDB: JVNDB-2019-013413 // NVD: CVE-2019-19743 // CNNVD: CNNVD-201912-723

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-20

Trust: 0.8

sources: JVNDB: JVNDB-2019-013413 // NVD: CVE-2019-19743

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201912-723

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201912-723

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2019-19743

PATCH
title:Security Bulletinurl:https://www.dlink.com/en/security-bulletin
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-013413

EXTERNAL IDS
db:NVDid:CVE-2019-19743
Trust: 3.0
db:EXPLOIT-DBid:47778
Trust: 1.6
db:JVNid:JVNVU93632155
Trust: 0.8
db:JVNDBid:JVNDB-2019-013413
Trust: 0.8
db:CNVDid:CNVD-2020-01277
Trust: 0.6
db:CNNVDid:CNNVD-201912-723
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-01277 // 
            
            
            
            JVNDB: JVNDB-2019-013413 // 
            
            
            
            NVD: CVE-2019-19743 // 
            
            
            
            CNNVD: CNNVD-201912-723

REFERENCES
url:http://seclists.org/fulldisclosure/2019/dec/35
Trust: 2.4
url:https://nvd.nist.gov/vuln/detail/cve-2019-19743
Trust: 2.0
url:https://pastebin.com/whirgdeg
Trust: 1.6
url:https://www.dlink.com/en/security-bulletin
Trust: 1.6
url:https://www.exploit-db.com/exploits/47778
Trust: 1.6
url:https://www.infosecsanyam.blogspot.com/2019/12/d-link-dir-615-wireless-routervertical.html
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19743
Trust: 0.8
url:https://jvn.jp/vu/jvnvu93632155/
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2020-01277 // 
            
            
            
            JVNDB: JVNDB-2019-013413 // 
            
            
            
            NVD: CVE-2019-19743 // 
            
            
            
            CNNVD: CNNVD-201912-723

SOURCES
db:CNVDid:CNVD-2020-01277
db:JVNDBid:JVNDB-2019-013413
db:NVDid:CVE-2019-19743
db:CNNVDid:CNNVD-201912-723

LAST UPDATE DATE
2023-12-18T10:51:11.422000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-01277date:2020-01-10T00:00:00
db:JVNDBid:JVNDB-2019-013413date:2019-12-27T00:00:00
db:NVDid:CVE-2019-19743date:2021-07-21T11:39:23.747
db:CNNVDid:CNNVD-201912-723date:2019-12-24T00:00:00

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-01277date:2020-01-09T00:00:00
db:JVNDBid:JVNDB-2019-013413date:2019-12-27T00:00:00
db:NVDid:CVE-2019-19743date:2019-12-16T17:15:12.300
db:CNNVDid:CNNVD-201912-723date:2019-12-16T00:00:00