CVE-2019-19224
First published: Wed Mar 04 2020(Updated: )
A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an attacker to download the configuration (binary file) settings by submitting a rom-0 GET request without being authenticated on the admin interface.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dlink DSL-2680 | =1.03 | |
| Dlink DSL-2680 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-19224?
CVE-2019-19224 is a Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface that allows unauthorized access to configuration settings.
What are the consequences of CVE-2019-19224?
The consequences of CVE-2019-19224 include the potential for an attacker to download sensitive configuration files without authentication.
How do I fix CVE-2019-19224?
To fix CVE-2019-19224, update the D-Link DSL-2680 firmware to the latest version or disable remote administration features.
Is my device vulnerable to CVE-2019-19224?
If you are using the D-Link DSL-2680 with firmware version EU_1.03, then your device is vulnerable to CVE-2019-19224.
How can I prevent exploitation of CVE-2019-19224?
To prevent exploitation of CVE-2019-19224, ensure that your devices are regularly updated and limit access to administrative interfaces.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/author
- agent/event
- agent/first-publish-date
- agent/description
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/dlink
- canonical/dlink dsl-2680
- version/dlink dsl-2680/1.03