Vulnerability Description
SharePort Web Access on D-Link DIR-868L REVB through 2.03, DIR-885L REVA through 1.20, and DIR-895L REVA through 1.21 devices allows Authentication Bypass, as demonstrated by a direct request to folder_view.php or category_view.php.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dlink | Dir-868L Firmware | <= 2.03 |
| Dlink | Dir-868L | b |
| Dlink | Dir-885L Firmware | <= 1.20 |
| Dlink | Dir-885L | a |
| Dlink | Dir-895L Firmware | <= 1.21 |
| Dlink | Dir-895L | a |
Related Weaknesses (CWE)
References
- https://cyberloginit.com/2019/09/10/dlink-shareport-web-access-authentication-byExploitThird Party Advisory
- https://cyberloginit.com/2019/09/10/dlink-shareport-web-access-authentication-byExploitThird Party Advisory
FAQ
What is CVE-2019-16190?
CVE-2019-16190 is a vulnerability with a CVSS score of 9.8 (CRITICAL). SharePort Web Access on D-Link DIR-868L REVB through 2.03, DIR-885L REVA through 1.20, and DIR-895L REVA through 1.21 devices allows Authentication Bypass, as demonstrated by a direct request to folde...
How severe is CVE-2019-16190?
CVE-2019-16190 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2019-16190?
Check the references section above for vendor advisories and patch information. Affected products include: Dlink Dir-868L Firmware, Dlink Dir-868L, Dlink Dir-885L Firmware, Dlink Dir-885L, Dlink Dir-895L Firmware.