CVE-2019-20213
HIGHD-Link DIR-859 Firmware < 1.07b03_beta - Unauthenticated Information Disclosure via AUTHORIZED_GROUP Parameter
Title source: llmDescription
D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Information Disclosure via the AUTHORIZED_GROUP=1%0a value, as demonstrated by vpnconfig.php.
References (4)
Core 4
Core References
Various Sources x_refsource_misc
https://medium.com/%40s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-en-faf1a9a13f3f
Various Sources x_refsource_misc
https://medium.com/%40s1kr10s/d-link-dir-859-unauthenticated-information-disclosure-es-6540f7f55b03
Vendor Advisory x_refsource_misc
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147
Vendor Advisory x_refsource_misc
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146
Scores
CVSS v3
7.5
EPSS
0.0084
EPSS Percentile
74.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-74
CWE-863
Status
published
Products (15)
dlink/dir-818lx_firmware
dlink/dir-822_firmware
< 2.03b01
dlink/dir-823_firmware
< 1.00b06
dlink/dir-859_firmware
1.06b01 beta1
dlink/dir-859_firmware
< 1.05b03
dlink/dir-865l_firmware
< 1.07b01
dlink/dir-868l_firmware
< 1.12b04
dlink/dir-869_firmware
< 1.03b02
dlink/dir-880l_firmware
< 1.08b04
dlink/dir-885l_firmware
< 1.12b05
... and 5 more
Published
Jan 02, 2020
Tracked Since
Feb 18, 2026