CVE-2019-7642

D-Link routers with the mydlink feature have some web interfaces without authentication requirements. An attacker can remotely obtain users' DNS query logs and login logs. Vulnerable targets include but are not limited to the latest firmware versions of DIR-817LW (A1-1.04), DIR-816L (B1-2.06), DIR-816 (B1-2.06?), DIR-850L (A1-1.09), and DIR-868L (A1-1.10).

Published: Mar 25, 2019
Updated: Apr 13, 2023
CVE: CVE-2019-7642
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-306

Affected Software
References

Software	From	Fixed in
dlink / dir-817lw_firmware	1.04	1.04.x
dlink / dir-816l_firmware	2.06	2.06.x
dlink / dir-816_firmware	2.06	2.06.x
dlink / dir-850l_firmware	1.09	1.09.x
dlink / dir-868l_firmware	1.10	1.10.x

https://github.com/xw77cve/CVE-2019-7642/blob/master/README.md

Vulnerability Database

CVE-2019-7642

Deep Security Visibility Without the Complexity