First published: Mon Mar 25 2019(Updated: )
D-Link routers with the mydlink feature have some web interfaces without authentication requirements. An attacker can remotely obtain users' DNS query logs and login logs. Vulnerable targets include but are not limited to the latest firmware versions of DIR-817LW (A1-1.04), DIR-816L (B1-2.06), DIR-816 (B1-2.06?), DIR-850L (A1-1.09), and DIR-868L (A1-1.10).
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Dlink Dir-817lw Firmware | =1.04 | |
Dlink Dir-817lw | =a1 | |
Dlink Dir-816l Firmware | =2.06 | |
Dlink Dir-816l | =b1 | |
Dlink Dir-816 Firmware | =2.06 | |
Dlink DIR-816 | =b1 | |
Dlink Dir-850l Firmware | =1.09 | |
Dlink Dir-850l | =a1 | |
Dlink Dir-868l Firmware | =1.10 | |
Dlink Dir-868l | =a1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-7642 is a vulnerability that affects D-Link routers with the mydlink feature, allowing attackers to remotely obtain users' DNS query logs and login logs.
D-Link routers with the mydlink feature, specifically the latest firmware versions of DIR-817LW (A1-1.04), DIR-816L (B1-2.06), DIR-816, DIR-850L, and DIR-868L are affected by CVE-2019-7642.
CVE-2019-7642 has a severity rating of 7.5 (high).
To fix CVE-2019-7642, make sure to update your D-Link router firmware to the latest version provided by the vendor.
More information about CVE-2019-7642 can be found at the following link: [https://github.com/xw77cve/CVE-2019-7642/blob/master/README.md](https://github.com/xw77cve/CVE-2019-7642/blob/master/README.md)