CVE-2019-13101

CRITICAL EXPLOITED NUCLEI

D-Link DIR-600M Firmware 3.02-3.06 - Unauthenticated Information Disclosure and Data Modification via wan.htm

Exploitation Summary

CVE-2019-13101 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 2 public exploits from researchers including Devendra Singh Solanki and halencarjunior. A Nuclei detection template is also available.

Description

An issue was discovered on D-Link DIR-600M 3.02, 3.03, 3.04, and 3.06 devices. wan.htm can be accessed directly without authentication, which can lead to disclosure of information about the WAN, and can also be leveraged by an attacker to modify the data fields of the page.

Exploits (2)

exploitdb SCANNER
by Devendra Singh Solanki · ruby · webapps · hardware
https://www.exploit-db.com/exploits/47250

This Metasploit auxiliary module scans for D-Link DIR-600M routers vulnerable to CVE-2019-13101, an incorrect access control flaw allowing unauthenticated access to WAN settings via /wan.htm. It checks for the presence of the router and the vulnerability by analyzing HTTP responses.

Classification: Scanner 90%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: D-Link DIR-600M (Firmware Versions 3.01-3.06)
No auth needed
Prerequisites: Network access to the target router · Router must be a D-Link DIR-600M with vulnerable firmware
devstral-2 · analyzed Feb 16, 2026

nomisec SCANNER
by halencarjunior · infoleak
https://github.com/halencarjunior/dlkploit600

This repository contains a Python script that scans for D-Link routers vulnerable to CVE-2019-13101 by checking for specific patterns in HTTP responses. It does not include exploit code but verifies the presence of the vulnerability.

Classification: Scanner 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: D-Link DIR-600M 3.02, 3.03, 3.04, and 3.06
No auth needed
Prerequisites: Network access to the target device · Target device must be a D-Link router with the vulnerable firmware
devstral-2 · analyzed Feb 18, 2026

Nuclei Templates (1)

D-Link DIR-600M - Authentication Bypass
CRITICAL · by Suman_Kar

References (6)

Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgment_7-2-19.pdf
Vendor Advisory x_refsource_misc
https://us.dlink.com/en/security-advisory
Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2019/Aug/5
Mailing List, Third Party Advisory mailing-list x_refsource_bugtraq
https://seclists.org/bugtraq/2019/Aug/17

Scores

CVSS v3: 9.8
EPSS: 0.8557
EPSS Percentile: 99.4%
Attack Vector: NETWORK
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV: 2025-08-19
CWE: CWE-306
Status: published
Products (4):
- dlink/dir-600m_firmware 3.02
- dlink/dir-600m_firmware 3.03
- dlink/dir-600m_firmware 3.04
- dlink/dir-600m_firmware 3.06
Published: Aug 08, 2019
Tracked Since: Feb 18, 2026