Authentication Bypass in D-Link DIR-601 B1 Devices
CVE-2019-16327

9.8CRITICAL

Key Information:

Vendor: D-Link
Status: Dir-601 Firmware
Vendor: CVE Published:; 26 December 2019

Summary

D-Link DIR-601 B1 2.00NA devices exhibit a critical authentication bypass vulnerability due to reliance on client-side validation rather than proper server-side checks. This flaw allows attackers to exploit the system, bypassing security measures and potentially gaining unauthorized access. Users should be aware that the affected product is no longer supported, increasing the risks associated with its continued use. Effective security practices recommend upgrading to supported devices to mitigate such vulnerabilities.

References

https://0x62626262.wordpress.com/2019/12/24/dlink-dir-601...

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 26, 2019
Vulnerability Reserved
Sep 15, 2019