CVE-2019-20213 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 73%

Vendor	Product	Version
dlink	dir-859_firmware	𝑥 ≤ 1.05b03
dlink	dir-859_firmware	1.06b01:b01
dlink	dir-822_firmware	𝑥 ≤ 2.03b01
dlink	dir-822_firmware	𝑥 ≤ 3.12b04
dlink	dir-823_firmware	𝑥 ≤ 1.00b06
dlink	dir-865l_firmware	𝑥 ≤ 1.07b01
dlink	dir-868l_firmware	𝑥 ≤ 1.12b04
dlink	dir-868l_firmware	𝑥 ≤ 2.05b02
dlink	dir-869_firmware	𝑥 ≤ 1.03b02
dlink	dir-880l_firmware	𝑥 ≤ 1.08b04
dlink	dir-890l_firmware	𝑥 ≤ 1.11b01
dlink	dir-890r_firmware	𝑥 ≤ 1.11b01
dlink	dir-885l_firmware	𝑥 ≤ 1.12b05
dlink	dir-885r_firmware	𝑥 ≤ 1.12b05
dlink	dir-895l_firmware	𝑥 ≤ 1.12b10
dlink	dir-895r_firmware	𝑥 ≤ 1.12b10
dlink	dir-818lx_firmware	-

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
The software constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

References

https://medium.com/%40s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-en-faf1a9a13f3f

https://medium.com/%40s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-es-6540f7f55b03

https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146

https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147

https://medium.com/%40s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-en-faf1a9a13f3f

https://medium.com/%40s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-es-6540f7f55b03

https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146

https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147