CVE-2019-13101

CRITICAL EXPLOITED NUCLEI

Dlink Dir-600m Firmware - Missing Authentication

Title source: rule

Description

An issue was discovered on D-Link DIR-600M 3.02, 3.03, 3.04, and 3.06 devices. wan.htm can be accessed directly without authentication, which can lead to disclosure of information about the WAN, and can also be leveraged by an attacker to modify the data fields of the page.

Exploits (2)

exploitdb SCANNER

by Devendra Singh Solanki · rubywebappshardware

https://www.exploit-db.com/exploits/47250

View Code ZIP pw:eip

nomisec SCANNER

by halencarjunior · infoleak

https://github.com/halencarjunior/dlkploit600

View Code ZIP pw:eip

Nuclei Templates (1)

D-Link DIR-600M - Authentication Bypass

CRITICALby Suman_Kar

References (6)

[Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/153994/D-Link-DIR-600M-Wireless-N-150-Home-Router-Access-Bypass.html

[Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2019/Aug/5

[Third Party Advisory] https://github.com/d0x0/D-Link-DIR-600M/blob/master/CVE-2019-13101

[Mailing List, Third Party Advisory] https://seclists.org/bugtraq/2019/Aug/17

[Vendor Advisory] https://us.dlink.com/en/security-advisory

[Third Party Advisory, US Government Resource] https://www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgment_7-2-19.pdf

Scores

CVSS v3 9.8

EPSS 0.8557

EPSS Percentile 99.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2025-08-19

CWE

CWE-306

Status published

Products (4)

dlink/dir-600m_firmware 3.02

dlink/dir-600m_firmware 3.03

dlink/dir-600m_firmware 3.04

dlink/dir-600m_firmware 3.06

Published Aug 08, 2019

Tracked Since Feb 18, 2026