CVE-2019-7642

HIGH

D-Link DIR-817LW, DIR-816L, DIR-816, DIR-850L, and DIR-868L Firmware - Unauthenticated Information Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-7642. PoCs published by xw77cve.

AI-analyzed exploit summary This repository documents an authentication bypass vulnerability in D-Link routers with mydlink feature, allowing unauthenticated access to DNS query logs and login logs via specific endpoints. The PoC demonstrates information leakage through direct HTTP requests to vulnerable URLs.

Description

D-Link routers with the mydlink feature have some web interfaces without authentication requirements. An attacker can remotely obtain users' DNS query logs and login logs. Vulnerable targets include but are not limited to the latest firmware versions of DIR-817LW (A1-1.04), DIR-816L (B1-2.06), DIR-816 (B1-2.06?), DIR-850L (A1-1.09), and DIR-868L (A1-1.10).

Exploits (1)

nomisec WRITEUP 16 stars

by xw77cve · poc

https://github.com/xw77cve/CVE-2019-7642

View Code ZIP pw:eip

This repository documents an authentication bypass vulnerability in D-Link routers with mydlink feature, allowing unauthenticated access to DNS query logs and login logs via specific endpoints. The PoC demonstrates information leakage through direct HTTP requests to vulnerable URLs.

Classification

Writeup 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: D-Link routers (DIR-817LW A1-1.04, DIR-816L B1-2.06, DIR-850L A1-1.09, DIR-868L A1-1.10)

No auth needed

Prerequisites: Network access to the vulnerable D-Link router · mydlink feature enabled on the target device

MITRE ATT&CK

T1592 - Gather Victim Host Information T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit, Third Party Advisory x_refsource_misc

https://github.com/xw77cve/CVE-2019-7642/blob/master/README.md

View Exploit ZIP pw:eip

Scores

CVSS v3 7.5

EPSS 0.1087

EPSS Percentile 93.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-306

Status published

Products (5)

dlink/dir-816_firmware 2.06

dlink/dir-816l_firmware 2.06

dlink/dir-817lw_firmware 1.04

dlink/dir-850l_firmware 1.09

dlink/dir-868l_firmware 1.10

Published Mar 25, 2019

Tracked Since Feb 18, 2026