CVE-2019-6969

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

7.5HIGH

EPSS

0.3%

top 49.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dlink Dva-5592 Firmware

Timeline

PublishedAug 2

Latest updateMay 24

Description

The web interface of the D-Link DVA-5592 20180823 is vulnerable to an authentication bypass that allows an unauthenticated user to have access to sensitive information such as the Wi-Fi password and the phone number (if VoIP is in use).

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

▶NVDdlink/dva-5592_firmware20180823

🔴Vulnerability Details

GHSA

GHSA-chp2-g3wx-3mc5: The web interface of the D-Link DVA-5592 20180823 is vulnerable to an authentication bypass that allows an unauthenticated user to have access to sens↗2022-05-24

▶

CVEList

CVE-2019-6969: The web interface of the D-Link DVA-5592 20180823 is vulnerable to an authentication bypass that allows an unauthenticated user to have access to sens↗2019-08-02

▶