Authentication Bypass in D-Link DIR-600M C1 Devices
CVE-2019-7736

9.8CRITICAL

Key Information:

Vendor: D-Link
Status: Dir-600m Firmware
Vendor: CVE Published:; 11 February 2019

What is CVE-2019-7736?

D-Link DIR-600M C1 devices running firmware version 3.04 are susceptible to an authentication bypass vulnerability. This issue arises from accepting direct requests to the wan.htm page, allowing unauthorized users to gain access without proper authentication. This vulnerability presents significant risks as it may allow attackers to manipulate device settings or intercept network traffic, thereby compromising user data and device integrity. Immediate action should be taken to mitigate this vulnerability by applying appropriate patches or updates.

References

https://www.youtube.com/watch?v=uaT8vX06Jjs

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 11, 2019
Vulnerability Reserved
Feb 11, 2019