Vulnerability Description
D-Link DSL-2875AL devices through 1.00.05 are prone to password disclosure via a simple crafted /romfile.cfg request to the web management server. This request doesn't require any authentication and will lead to saving the configuration file. The password is stored in cleartext.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dlink | Dsl-2875Al Firmware | <= 1.00.05 |
| Dlink | Dsl-2875Al | - |
Related Weaknesses (CWE)
References
- https://www.dlink.com/en/security-bulletinVendor Advisory
- https://www.trustwave.com/en-us/resources/security-resources/security-advisoriesExploitThird Party Advisory
- https://www.dlink.com/en/security-bulletinVendor Advisory
- https://www.trustwave.com/en-us/resources/security-resources/security-advisoriesExploitThird Party Advisory
FAQ
What is CVE-2019-15655?
CVE-2019-15655 is a vulnerability with a CVSS score of 7.5 (HIGH). D-Link DSL-2875AL devices through 1.00.05 are prone to password disclosure via a simple crafted /romfile.cfg request to the web management server. This request doesn't require any authentication and w...
How severe is CVE-2019-15655?
CVE-2019-15655 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-15655?
Check the references section above for vendor advisories and patch information. Affected products include: Dlink Dsl-2875Al Firmware, Dlink Dsl-2875Al.