CVE-2019-7388Sensitive Information Exposure in Dlink Dir-823g Firmware

CWE-200Sensitive Information Exposure3 documents3 sources
Severity
7.5HIGHNVD
EPSS
1.8%
top 17.12%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Dlink Dir-823g Firmware
Timeline
PublishedFeb 5
Latest updateMay 13

Description

An issue was discovered in /bin/goahead on D-Link DIR-823G devices with firmware 1.02B03. There is incorrect access control allowing remote attackers to get sensitive information (such as MAC address) about all clients in the WLAN via the GetClientInfo HNAP API. Consequently, an attacker can achieve information disclosure without authentication.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-398w-8vvx-7rh5: An issue was discovered in /bin/goahead on D-Link DIR-823G devices with firmware 12022-05-13
CVEList
CVE-2019-7388: An issue was discovered in /bin/goahead on D-Link DIR-823G devices with firmware 12019-02-05
CVE-2019-7388 — Sensitive Information Exposure in Dlink | cvebase