Broken Access Control in D-Link DSL-2680 Web Administration Interface
CVE-2019-19224

7.5HIGH

Key Information:

Vendor: D-Link
Status: Dsl-2680 Firmware
Vendor: CVE Published:; 4 March 2020

What is CVE-2019-19224?

A vulnerability has been identified in the D-Link DSL-2680 web administration interface, specifically in Firmware version EU_1.03. This issue allows unauthorized users to exploit broken access control mechanisms and download sensitive configuration files by sending a GET request to the rom-0 endpoint without proper authentication. As a result, attackers may gain access to critical binary files that could compromise the security of the device.