id: CVE-2019-13101 info: name: D-Link DIR-600M - Authentication Bypass author: Suman_Kar severity: critical description: D-Link DIR-600M 3.02, 3.03, 3.04, and 3.06 devices can be accessed directly without authentication and lead to disclosure of information about the WAN, which can then be leveraged by an attacker to modify the data fields of the page. reference: - https://github.com/d0x0/D-Link-DIR-600M - https://www.exploit-db.com/exploits/47250 - https://nvd.nist.gov/vuln/detail/CVE-2019-13101 - https://us.dlink.com/en/security-advisory classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2019-13101 cwe-id: CWE-306 epss-score: 0.04204 tags: edb,cve,cve2019,dlink,router,iot metadata: max-request: 1 http: - raw: - | GET /wan.htm HTTP/1.1 Host: {{Hostname}} Origin: {{BaseURL}} matchers-condition: and matchers: - type: status status: - 200 - type: word words: - "/PPPoE/" part: body # Enhanced by mp on 2022/03/29