Detections
Analytics

DLink DIR-859 < 1.07B03 Information Disclosure

high Nessus Plugin ID 187211

Language:

Synopsis

A web application is affected by an information disclosure vulnerability.

Description

The version of DLink installed on the remote host is prior to 1.07b03. It is, therefore, affected by an information disclosure vulnerability as referenced in the vendor advisory. A remote, unauthenticated attacker can explioit this exposure by sending a carefully crafted paypload with a AUTHORIZED_GROUP=1%0a value as demonstrated by vpnconfig.php to the remote server.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to version 1.07b03 or later.

See Also

http://www.nessus.org/u?a0583e6e

http://www.nessus.org/u?ec7efd10

Plugin Details

Severity: High

ID: 187211

File Name: dlink_dir-859_1.07b03_infodis.nasl

Version: 1.1

Type: remote

Family: Web Servers

Published: 12/22/2023

Updated: 12/25/2023

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2019-20213

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/h:dlink:dir

Required KB Items: installed_sw/DLink DIR

Exploit Ease: No known exploits are available

Patch Publication Date: 3/14/2020

Vulnerability Publication Date: 1/2/2020

Reference Information

CVE: CVE-2019-20213