Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2019-19743 β€” Improper Input Validation in Dlink Dir-615 T1 Firmware

CWE-20 β€” Improper Input Validation4 documents4 sources
Severity
6.5MEDIUMNVD
EPSS
13.9%
top 5.68%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Dlink Dir-615 T1 Firmware
Timeline
PublishedDec 16
Latest updateMay 24

Description

On D-Link DIR-615 devices, a normal user is able to create a root(admin) user from the D-Link portal.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

πŸ”΄Vulnerability Details

2
GHSA
GHSA-jrp5-23hf-jfg7: On D-Link DIR-615 devices, a normal user is able to create a root(admin) user from the D-Link portal↗2022-05-24
β–Ά
CVEList
CVE-2019-19743: On D-Link DIR-615 devices, a normal user is able to create a root(admin) user from the D-Link portal↗2019-12-16
β–Ά

πŸ’₯Exploits & PoCs

1
Exploit-DB
D-Link DIR-615 - Privilege Escalation↗2019-12-16
β–Ά
CVE-2019-19743 β€” Improper Input Validation in Dlink | cvebase