1. Home
  2. CVE Database
  3. CVE-2019-7642
HIGH · 7.5

CVE-2019-7642

D-Link routers with the mydlink feature have some web interfaces without authentication requirements. An attacker can remotely obtain users' DNS query logs and login logs. Vulnerable targets include b...

Vulnerability Description

D-Link routers with the mydlink feature have some web interfaces without authentication requirements. An attacker can remotely obtain users' DNS query logs and login logs. Vulnerable targets include but are not limited to the latest firmware versions of DIR-817LW (A1-1.04), DIR-816L (B1-2.06), DIR-816 (B1-2.06?), DIR-850L (A1-1.09), and DIR-868L (A1-1.10).

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
NONE
Availability
NONE

Affected Products

VendorProductVersions
DlinkDir-817Lw Firmware1.04
DlinkDir-817Lwa1
DlinkDir-816L Firmware2.06
DlinkDir-816Lb1
DlinkDir-816 Firmware2.06
DlinkDir-816b1
DlinkDir-850L Firmware1.09
DlinkDir-850La1
DlinkDir-868L Firmware1.10
DlinkDir-868La1

Related Weaknesses (CWE)

CWE-306

References

FAQ

What is CVE-2019-7642?

CVE-2019-7642 is a vulnerability with a CVSS score of 7.5 (HIGH). D-Link routers with the mydlink feature have some web interfaces without authentication requirements. An attacker can remotely obtain users' DNS query logs and login logs. Vulnerable targets include b...

How severe is CVE-2019-7642?

CVE-2019-7642 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-7642?

Check the references section above for vendor advisories and patch information. Affected products include: Dlink Dir-817Lw Firmware, Dlink Dir-817Lw, Dlink Dir-816L Firmware, Dlink Dir-816L, Dlink Dir-816 Firmware.