CVE-2019-13101

high-risk
Published 2019-08-08

An issue was discovered on D-Link DIR-600M 3.02, 3.03, 3.04, and 3.06 devices. wan.htm can be accessed directly without authentication, which can lead to disclosure of information about the WAN, and can also be leveraged by an attacker to modify the data fields of the page.

Do I need to act?

!
85.6% chance of exploitation in next 30 days
EPSS score — higher than 14% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
!
1 public exploit available
47250
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (4)

Dir-600M Firmware
Dir-600M Firmware
Dir-600M Firmware
Dir-600M Firmware

Affected Vendors

Dlink

References (12)

Third Party Advisory http://packetstormsecurity.com/files/153994/D-Link-DIR-600M-Wireless-N-150-Home-...
Mailing List http://seclists.org/fulldisclosure/2019/Aug/5
Third Party Advisory https://github.com/d0x0/D-Link-DIR-600M/blob/master/CVE-2019-13101
Mailing List https://seclists.org/bugtraq/2019/Aug/17
Vendor Advisory https://us.dlink.com/en/security-advisory
Third Party Advisory https://www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgme...
Third Party Advisory http://packetstormsecurity.com/files/153994/D-Link-DIR-600M-Wireless-N-150-Home-...
Mailing List http://seclists.org/fulldisclosure/2019/Aug/5
Third Party Advisory https://github.com/d0x0/D-Link-DIR-600M/blob/master/CVE-2019-13101
Mailing List https://seclists.org/bugtraq/2019/Aug/17
Vendor Advisory https://us.dlink.com/en/security-advisory
Third Party Advisory https://www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgme...
62
/ 100
high-risk
Severity 32/34 · Critical
Exploitability 20/34 · Moderate
Exposure 10/34 · Low