Vulnerability Description
On D-Link DIR-615 devices, the User Account Configuration page is vulnerable to blind XSS via the name field.
CVSS Score
4.8
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dlink | Dir-615 Firmware | 20.07 |
| Dlink | Dir-615 | - |
Related Weaknesses (CWE)
References
- https://infosecsanyam.blogspot.com/2019/12/d-link-dir-615-wireless-router.htmlExploitThird Party Advisory
- https://medium.com/%40infosecsanyam/d-link-dir-615-wireless-router-persistent-cr
- https://pastebin.com/edit/MZV6DNg7Broken Link
- https://www.dlink.com/en/security-bulletinVendor Advisory
- https://www.exploit-db.com/exploits/47776ExploitThird Party AdvisoryVDB Entry
- https://www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgmeExploitThird Party AdvisoryUS Government Resource
- https://infosecsanyam.blogspot.com/2019/12/d-link-dir-615-wireless-router.htmlExploitThird Party Advisory
- https://medium.com/%40infosecsanyam/d-link-dir-615-wireless-router-persistent-cr
- https://pastebin.com/edit/MZV6DNg7Broken Link
- https://www.dlink.com/en/security-bulletinVendor Advisory
- https://www.exploit-db.com/exploits/47776ExploitThird Party AdvisoryVDB Entry
- https://www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgmeExploitThird Party AdvisoryUS Government Resource
FAQ
What is CVE-2019-19742?
CVE-2019-19742 is a vulnerability with a CVSS score of 4.8 (MEDIUM). On D-Link DIR-615 devices, the User Account Configuration page is vulnerable to blind XSS via the name field.
How severe is CVE-2019-19742?
CVE-2019-19742 has been rated MEDIUM with a CVSS base score of 4.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-19742?
Check the references section above for vendor advisories and patch information. Affected products include: Dlink Dir-615 Firmware, Dlink Dir-615.