D-Link DSL-2680 Security Vulnerabilities

5 Vulnerabilities
Description

A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an attacker to reboot the router by submitting a reboot.html GET request without being authenticated on the admin interface.

Impacted versions: -

Base Score: 0.0, Severity: NA, ID: CVE-2019-19223, Last Modified: 2020-03-04T20:09:00Z

References

Advisory

A Stored XSS issue in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an authenticated attacker to inject arbitrary JavaScript code into the info.html administration page by sending a crafted Forms/wireless_autonetwork_1 POST request.

Impacted versions: -

Base Score: 0.0, Severity: NA, ID: CVE-2019-19222, Last Modified: 2020-03-04T20:09:00Z

References

Advisory

A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an attacker to change DNS servers without being authenticated on the admin interface by submitting a crafted Forms/dns_1 POST request.

Impacted versions: -

Base Score: 0.0, Severity: NA, ID: CVE-2019-19225, Last Modified: 2020-03-04T20:09:00Z

References

Advisory

A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an attacker to download the configuration settings (a binary file) by submitting a rom-0 GET request without being authenticated on the admin interface.

Impacted versions: -

Base Score: 0.0, Severity: NA, ID: CVE-2019-19224, Last Modified: 2020-03-04T20:09:00Z

References

Advisory

A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an attacker to enable or disable MAC address filtering by submitting a crafted Forms/WlanMacFilter_1 POST request without being authenticated on the admin interface.

Impacted versions: -

Base Score: 0.0, Severity: NA, ID: CVE-2019-19226, Last Modified: 2020-03-04T20:09:00Z

References

Advisory