CVE-2019-19223

CWE-79 — Cross-site Scripting (XSS)CWE-444 — HTTP Request Smuggling3 documents3 sources

Severity

7.5HIGH

EPSS

6.2%

top 9.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dlink Dsl-2680 Firmware

Timeline

PublishedMar 4

Latest updateMay 24

Description

A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an attacker to reboot the router by submitting a reboot.html GET request without being authenticated on the admin interface.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

▶NVDdlink/dsl-2680_firmware1.03

🔴Vulnerability Details

GHSA

GHSA-f6j4-cwrp-j9m3: A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface (Firmware EU_1↗2022-05-24

▶

CVEList

CVE-2019-19223: A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface (Firmware EU_1↗2020-03-04

▶