Remote Code Execution Vulnerability in D-Link DIR-655 C Devices
CVE-2019-13560

9.8CRITICAL

Key Information:

Vendor
D-Link
Status
Dir-655 Firmware
Vendor
CVE Published:
11 July 2019

Summary

D-Link DIR-655 C devices before version 3.02B05 BETA03 are susceptible to a vulnerability that allows remote attackers to exploit the apply_sec.cgi setup_wizard parameter. This exploit can force the device into a state where it functions with a blank password, potentially granting unauthorized access to the device's administrative functions. Users are advised to update their devices promptly to mitigate this security risk.

References

https://www.nccgroup.trust/us/about-us/newsroom-and-event...
x_refsource_MISC
ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-655/REVC/DI...
x_refsource_MISC
https://www.nccgroup.trust/contentassets/7188fe7f130846ff...
x_refsource_MISC

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.