Vulnerability in D-Link DIR-878 Devices Allowing Blank Password Login
CVE-2019-9124

9.8CRITICAL

Key Information:

Vendor: D-link
Status: Dir-878 Firmware
Vendor: CVE Published:; 25 February 2019

What is CVE-2019-9124?

A security flaw has been identified in D-Link DIR-878 devices where an attacker can gain access by logging in with a blank password through the /HNAP1 URI. This vulnerability can potentially allow unauthorized users to manipulate device settings and disrupt network operations, making it crucial for users to secure their devices by changing default configurations and ensuring proper password policies.

References

https://github.com/WhooAmii/whooamii.github.io/blob/maste...

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 25, 2019
Vulnerability Reserved
Feb 24, 2019

CVE-2019-9124 Data

JSON

D-link

What is CVE-2019-9124?

References

CVSS V3.1

Timeline