CyberSec.Space Logo
Back to CVE Browser

CVE-2019-15655

HIGH
7.5
CVSS Severity Score
EPSS Score0.1940%
EPSS Percentile36.24th
PublishedMar 19, 2020
Last ModifiedNov 21, 2024

Vulnerability Description

D-Link DSL-2875AL devices through 1.00.05 are prone to password disclosure via a simple crafted /romfile.cfg request to the web management server. This request doesn't require any authentication and will lead to saving the configuration file. The password is stored in cleartext.

Affected Platforms (CPE)

πŸ’»
Dlink

Dsl 2875al Firmware

<= 1.00.05

References & Advisories

πŸ”— https://www.dlink.com/en/security-bulletin
πŸ”— https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=26165
πŸ”— https://www.dlink.com/en/security-bulletin
πŸ”— https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=26165

Related Vulnerabilities

CVE-2019-002210.0

Juniper ATP ships with hard coded credentials in the Cyphort Core instance which gives an attacker the ability to take full contro...

CVE-2019-1151010.0

In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated rem...

CVE-2019-002010.0

Juniper ATP ships with hard coded credentials in the Web Collector instance which gives an attacker the ability to take full contr...

CVE-2019-186710.0

A vulnerability in the REST API of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to bypa...