Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2019-13101

CWE-306Missing Authentication6 documents6 sources
Severity
9.8CRITICAL
EPSS
85.6%
top 0.63%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Dlink Dir-600m Firmware
Timeline
PublishedAug 8
Latest updateMay 24

Description

An issue was discovered on D-Link DIR-600M 3.02, 3.03, 3.04, and 3.06 devices. wan.htm can be accessed directly without authentication, which can lead to disclosure of information about the WAN, and can also be leveraged by an attacker to modify the data fields of the page.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

NVDdlink/dir-600m_firmware4 versions+3

🔴Vulnerability Details

3
GHSA
GHSA-5cwj-g9vv-pmp6: An issue was discovered on D-Link DIR-600M 32022-05-24
CVEList
CVE-2019-13101: An issue was discovered on D-Link DIR-600M 32019-08-08
VulnCheck
D-Link dir-600m_firmware Missing Authentication for Critical Function2019

💥Exploits & PoCs

2
Exploit-DB
D-Link DIR-600M - Authentication Bypass (Metasploit)2019-08-14
Nuclei
D-Link DIR-600M - Authentication Bypass
CVE-2019-13101 (CRITICAL CVSS 9.8) | An issue was discovered on D-Link D | cvebase.io