CVE-2019-7388: Infoleak
First published: Tue Feb 05 2019(Updated: )
An issue was discovered in /bin/goahead on D-Link DIR-823G devices with firmware 1.02B03. There is incorrect access control allowing remote attackers to get sensitive information (such as MAC address) about all clients in the WLAN via the GetClientInfo HNAP API. Consequently, an attacker can achieve information disclosure without authentication.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dlink Dir-823g Firmware | =1.02b03 | |
| Dlink Dir-823g |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this issue?
The vulnerability ID of this issue is CVE-2019-7388.
What devices are affected by this vulnerability?
This vulnerability affects D-Link DIR-823G devices with firmware 1.02B03.
What is the severity of CVE-2019-7388?
The severity of CVE-2019-7388 is high with a CVSS score of 7.5.
How can attackers exploit this vulnerability?
Attackers can exploit this vulnerability by using the GetClientInfo HNAP API to retrieve sensitive information, such as MAC addresses, about all clients in the WLAN.
Are there any known fixes for this vulnerability?
There is no known fix for this vulnerability at the moment. It is recommended to update the firmware of the affected devices if a patch becomes available.
- collector/nvd-index
- vendor/dlink
- canonical/dlink dir-823g firmware
- version/dlink dir-823g firmware/1.02b03
- canonical/dlink dir-823g