Published: 25/03/2019 Updated: 23/04/2021

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 446

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

D-Link routers with the mydlink feature have some web interfaces without authentication requirements. An attacker can remotely obtain users' DNS query logs and login logs. Vulnerable targets include but are not limited to the latest firmware versions of DIR-817LW (A1-1.04), DIR-816L (B1-2.06), DIR-816 (B1-2.06?), DIR-850L (A1-1.09), and DIR-868L (A1-1.10).

Vulnerable Product	Search on Vulmon	Subscribe to Product
dlink dir-817lw_firmware 1.04
dlink dir-816l_firmware 2.06
dlink dir-816_firmware 2.06
dlink dir-850l_firmware 1.09
dlink dir-868l_firmware 1.10

CVE-2019-7642 D-Link routers with the mydlink feature have some web interfaces without authentication requirements An attacker can remotely obtain users' DNS query logs and login logs Vulnerable targets include but are not limited to the latest firmware versions of DIR-817LW (A1-104), DIR-816L (B1-206), DIR-850L (A1-109) and DIR-868L (A1-110) PoC1: target/myd

CWE-306 https://github.com/xw77cve/CVE-2019-7642/blob/master/README.md https://nvd.nist.gov https://github.com/xw77cve/cve

CVE-2019-7642

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect