Total
5 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-19224 | 1 D-link | 2 Dsl-2680, Dsl-2680 Firmware | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an attacker to download the configuration (binary file) settings by submitting a rom-0 GET request without being authenticated on the admin interface. | |||||
CVE-2019-19225 | 1 D-link | 2 Dsl-2680, Dsl-2680 Firmware | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an attacker to change DNS servers without being authenticated on the admin interface by submitting a crafted Forms/dns_1 POST request. | |||||
CVE-2019-19226 | 1 D-link | 2 Dsl-2680, Dsl-2680 Firmware | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an attacker to enable or disable MAC address filtering by submitting a crafted Forms/WlanMacFilter_1 POST request without being authenticated on the admin interface. | |||||
CVE-2019-19222 | 1 D-link | 2 Dsl-2680, Dsl-2680 Firmware | 2020-03-04 | 3.5 LOW | 5.4 MEDIUM |
A Stored XSS issue in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an authenticated attacker to inject arbitrary JavaScript code into the info.html administration page by sending a crafted Forms/wireless_autonetwork_1 POST request. | |||||
CVE-2019-19223 | 1 D-link | 2 Dsl-2680, Dsl-2680 Firmware | 2020-03-04 | 7.8 HIGH | 7.5 HIGH |
A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an attacker to reboot the router by submitting a reboot.html GET request without being authenticated on the admin interface. |