An issue was discovered on D-Link DIR-816 A1 1.06 devices. An attacker could access management pages of the router via a client that ignores the 'top.location.href = "/dir_login.asp"' line in a .asp file. This provides access to d_status.asp, version.asp, d_dhcptbl.asp, and d_acl.asp.
References
Link | Resource |
---|---|
https://github.com/dahua966/Routers-vuls/tree/master/DIR-816 | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Information
Published : 2019-10-11 13:15
Updated : 2019-10-15 13:41
NVD link : CVE-2019-17507
Mitre link : CVE-2019-17507
JSON object : View
CWE
CWE-20
Improper Input Validation
Products Affected
dlink
- dir-816_a1_firmware
- dir-816_a1