What is CVE-2019-20213?

CVE-2019-20213 is a vulnerability in D-Link DIR-859 routers before v1.07b03_beta that allows unauthenticated information disclosure.

How severe is CVE-2019-20213?

CVE-2019-20213 has a severity score of 7.5, which is considered high.

How can the vulnerability in D-Link DIR-859 routers be exploited?

The vulnerability in D-Link DIR-859 routers can be exploited by sending a request with the AUTHORIZED_GROUP=1%0a value to vpnconfig.php.

Are other D-Link routers affected by CVE-2019-20213?

No, other D-Link routers are not affected by CVE-2019-20213.

How can I fix CVE-2019-20213?

To fix CVE-2019-20213, you should update your D-Link DIR-859 router to v1.07b03_beta or later.

Vulnerability/
CVE-2019-20213

high

7.5

CWE

74 863

2/1/2020

21/7/2021

CVE-2019-20213

First published: Thu Jan 02 2020(Updated: )

D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Information Disclosure via the AUTHORIZED_GROUP=1%0a value, as demonstrated by vpnconfig.php.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Dlink Dir-859 Firmware	<=1.05b03
Dlink Dir-859 Firmware	=1.06b01-beta1
Dlink Dir-859
Dlink Dir-822 Firmware	<=2.03b01
Dlink Dir-822
Dlink Dir-822 Firmware	<=3.12b04
Dlink Dir-823 Firmware	<=1.00b06
Dlink Dir-823
Dlink Dir-865l Firmware	<=1.07b01
Dlink Dir-865l
Dlink Dir-868l Firmware	<=1.12b04
Dlink Dir-868l
Dlink Dir-868l Firmware	<=2.05b02
Dlink Dir-869 Firmware	<=1.03b02
Dlink Dir-869
Dlink Dir-880l Firmware	<=1.08b04
Dlink Dir-880l
Dlink Dir-890l Firmware	<=1.11b01
Dlink Dir-890l
Dlink Dir-890r Firmware	<=1.11b01
Dlink Dir-890r
Dlink Dir-885l Firmware	<=1.12b05
Dlink Dir-885l
Dlink Dir-885r Firmware	<=1.12b05
Dlink Dir-885r
Dlink Dir-895l Firmware	<=1.12b10
Dlink Dir-895l
Dlink Dir-895r Firmware	<=1.12b10
Dlink Dir-895r
Dlink Dir-818lx Firmware
Dlink Dir-818lx

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2019-20213?
CVE-2019-20213 is a vulnerability in D-Link DIR-859 routers before v1.07b03_beta that allows unauthenticated information disclosure.
How severe is CVE-2019-20213?
CVE-2019-20213 has a severity score of 7.5, which is considered high.
How can the vulnerability in D-Link DIR-859 routers be exploited?
The vulnerability in D-Link DIR-859 routers can be exploited by sending a request with the AUTHORIZED_GROUP=1%0a value to vpnconfig.php.
Are other D-Link routers affected by CVE-2019-20213?
No, other D-Link routers are not affected by CVE-2019-20213.
How can I fix CVE-2019-20213?
To fix CVE-2019-20213, you should update your D-Link DIR-859 router to v1.07b03_beta or later.

collector/nvd-index
vendor/dlink
canonical/dlink dir-859 firmware
version/dlink dir-859 firmware/1.05b03
version/dlink dir-859 firmware/1.06b01-beta1
canonical/dlink dir-859
canonical/dlink dir-822 firmware
version/dlink dir-822 firmware/2.03b01
canonical/dlink dir-822
version/dlink dir-822 firmware/3.12b04
canonical/dlink dir-823 firmware
version/dlink dir-823 firmware/1.00b06
canonical/dlink dir-823
canonical/dlink dir-865l firmware
version/dlink dir-865l firmware/1.07b01
canonical/dlink dir-865l
canonical/dlink dir-868l firmware
version/dlink dir-868l firmware/1.12b04
canonical/dlink dir-868l
version/dlink dir-868l firmware/2.05b02
canonical/dlink dir-869 firmware
version/dlink dir-869 firmware/1.03b02
canonical/dlink dir-869
canonical/dlink dir-880l firmware
version/dlink dir-880l firmware/1.08b04
canonical/dlink dir-880l
canonical/dlink dir-890l firmware
version/dlink dir-890l firmware/1.11b01
canonical/dlink dir-890l
canonical/dlink dir-890r firmware
version/dlink dir-890r firmware/1.11b01
canonical/dlink dir-890r
canonical/dlink dir-885l firmware
version/dlink dir-885l firmware/1.12b05
canonical/dlink dir-885l
canonical/dlink dir-885r firmware
version/dlink dir-885r firmware/1.12b05
canonical/dlink dir-885r
canonical/dlink dir-895l firmware
version/dlink dir-895l firmware/1.12b10
canonical/dlink dir-895l
canonical/dlink dir-895r firmware
version/dlink dir-895r firmware/1.12b10
canonical/dlink dir-895r
canonical/dlink dir-818lx firmware
canonical/dlink dir-818lx