CVE-2019-17507

An issue was discovered on D-Link DIR-816 A1 1.06 devices. An attacker could access management pages of the router via a client that ignores the 'top.location.href = "/dir_login.asp"' line in a .asp file. This provides access to d_status.asp, version.asp, d_dhcptbl.asp, and d_acl.asp.

Published : 2019-10-11 20:15 Updated : 2019-10-15 20:41

5.0
CVSS Score More info
Score 5.0 / 10
5.0
Vendor Product Version URI
Dlink Dir-816 A1 Firmware 1.06 cpe:/o:dlink:dir-816_a1_firmware:1.06
  1. Dlink (1) Search CVE
    1. Dir-816 A1 Firmware (1) Search CVE
      1. 1.06

CWE

ID Name Description Links
CWE-20 Improper Input Validation The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program. CVE

History of changes

Date Event
2019-10-15 20:41
2019-10-11 20:25

New CVE