CVE-2019-7390Missing Authentication for Critical Function in Dlink Dir-823g Firmware

CWE-306Missing Authentication for Critical Function3 documents3 sources
Severity
8.6HIGHNVD
EPSS
1.2%
top 20.83%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Dlink Dir-823g Firmware
Timeline
PublishedFeb 5
Latest updateMay 13

Description

An issue was discovered in /bin/goahead on D-Link DIR-823G devices with firmware 1.02B03. There is incorrect access control allowing remote attackers to hijack the DNS service configuration of all clients in the WLAN, without authentication, via the SetWanSettings HNAP API.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:NExploitability: 3.9 | Impact: 4.0

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-8f9f-5jjh-xcjq: An issue was discovered in /bin/goahead on D-Link DIR-823G devices with firmware 12022-05-13
CVEList
CVE-2019-7390: An issue was discovered in /bin/goahead on D-Link DIR-823G devices with firmware 12019-02-05
CVE-2019-7390 — Dlink Dir-823g Firmware vulnerability | cvebase