Authentication Bypass in D-Link DSL-2750U by D-Link
CVE-2019-1010155

9.1CRITICAL

Key Information:

Vendor
D-link
Status
Dsl-2750u
Vendor
CVE Published:
23 July 2019

Summary

The D-Link DSL-2750U version 1.11 is susceptible to an authentication bypass vulnerability that allows unauthorized access to its login component. Although the access to the wizard does not permit actual configuration, it raises concerns about potential denial of service and information leakage. The community remains divided on the severity of this issue, suggesting that while third-party testing indicates limited exploitability, any unregulated access to network devices can pose a security risk.

Affected Version(s)

DSL-2750U 1.11

References

https://youtu.be/BQQbp2vn_wY
x_refsource_MISC
http://www.securityfocus.com/bid/109351
vdb-entryx_refsource_BID
https://cxsecurity.com/issue/WLB-2018080199
x_refsource_MISC

CVSS V3.1

Score:
9.1
Severity:
CRITICAL
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.