Password Disclosure Vulnerability in D-Link DSL-2875AL Devices
CVE-2019-15655

7.5HIGH

Key Information:

Vendor: D-Link
Status: Dsl-2875al Firmware
Vendor: CVE Published:; 19 March 2020

Summary

The D-Link DSL-2875AL device is susceptible to a password disclosure vulnerability due to a flaw in its web management interface. An unauthenticated attacker can exploit this vulnerability by sending a specially crafted request to the device, which fails to adequately protect the configuration file. This request can lead to the exposure of sensitive information, including passwords that are stored in cleartext, thereby allowing unauthorized access to the device's management functionalities. It is crucial for users to update their devices to mitigate this risk effectively.

References

https://www.dlink.com/en/security-bulletin

x_refsource_MISC

https://www.trustwave.com/en-us/resources/security-resour...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 19, 2020
Vulnerability Reserved
Aug 26, 2019