CVE-2019-17353

moderate-risk

Published 2019-10-09

An issue discovered on D-Link DIR-615 devices with firmware version 20.05 and 20.07. wan.htm can be accessed directly without authentication, which can lead to disclosure of information about the WAN, and can also be leveraged by an attacker to modify the data fields of the page.

Do I need to act?

0.48% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.2/10 High

NETWORK / LOW complexity

Affected Products (2)

Dir-615 Firmware

Affected Vendors

Dlink

References (8)

Third Party Advisory https://github.com/d0x0/D-Link-DIR-615/blob/master/CVE-2019-17353

Vendor Advisory https://us.dlink.com/en/security-advisory

Vendor Advisory https://www.dlink.com/en/security-bulletin

Third Party Advisory https://www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgme...

Third Party Advisory https://github.com/d0x0/D-Link-DIR-615/blob/master/CVE-2019-17353

Vendor Advisory https://us.dlink.com/en/security-advisory

Vendor Advisory https://www.dlink.com/en/security-bulletin

Third Party Advisory https://www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgme...

/ 100

moderate-risk

Severity 28/34 · Critical

Exploitability 2/34 · Minimal

Exposure 7/34 · Low