Dlink Dsl-2680 Firmware vulnerabilities

5 known vulnerabilities affecting dlink/dsl-2680_firmware.

Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH4MEDIUM1

Vulnerabilities

Page 1 of 1
CVE-2019-19226HIGHCVSS 7.5v1.032020-03-04
CVE-2019-19226 [HIGH] CWE-306 CVE-2019-19226: A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface (Firmware A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an attacker to enable or disable MAC address filtering by submitting a crafted Forms/WlanMacFilter_1 POST request without being authenticated on the admin interface.
nvd
CVE-2019-19223HIGHCVSS 7.5v1.032020-03-04
CVE-2019-19223 [HIGH] CWE-79 CVE-2019-19223: A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface (Firmware A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an attacker to reboot the router by submitting a reboot.html GET request without being authenticated on the admin interface.
nvd
CVE-2019-19225HIGHCVSS 7.5v1.032020-03-04
CVE-2019-19225 [HIGH] CWE-306 CVE-2019-19225: A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface (Firmware A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an attacker to change DNS servers without being authenticated on the admin interface by submitting a crafted Forms/dns_1 POST request.
nvd
CVE-2019-19224HIGHCVSS 7.5v1.032020-03-04
CVE-2019-19224 [HIGH] CWE-306 CVE-2019-19224: A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface (Firmware A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an attacker to download the configuration (binary file) settings by submitting a rom-0 GET request without being authenticated on the admin interface.
nvd
CVE-2019-19222MEDIUMCVSS 5.4v1.032020-03-04
CVE-2019-19222 [MEDIUM] CWE-79 CVE-2019-19222: A Stored XSS issue in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an A Stored XSS issue in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an authenticated attacker to inject arbitrary JavaScript code into the info.html administration page by sending a crafted Forms/wireless_autonetwork_1 POST request.
nvd