CVE-2019-7390
First published: Tue Feb 05 2019(Updated: )
An issue was discovered in /bin/goahead on D-Link DIR-823G devices with firmware 1.02B03. There is incorrect access control allowing remote attackers to hijack the DNS service configuration of all clients in the WLAN, without authentication, via the SetWanSettings HNAP API.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dlink Dir-823g Firmware | =1.02b03 | |
| Dlink Dir-823g |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2019-7390.
What is the title of the vulnerability?
The title of the vulnerability is 'An issue was discovered in /bin/goahead on D-Link DIR-823G devices with firmware 1.02B03'.
What is the description of the vulnerability?
The vulnerability allows remote attackers to hijack the DNS service configuration of all clients in the WLAN without authentication.
How severe is CVE-2019-7390?
The severity of CVE-2019-7390 is high with a CVSS score of 8.6.
How can I fix CVE-2019-7390?
To fix CVE-2019-7390, update the firmware of the D-Link DIR-823G device to version 1.02B04 or later.
- collector/nvd-index
- agent/weakness
- agent/event
- vendor/dlink
- canonical/dlink dir-823g firmware
- version/dlink dir-823g firmware/1.02b03
- canonical/dlink dir-823g