CyberSec.Space Logo
CVEブラウザに戻る

CVE-2019-15655

HIGH
7.5
CVSS Severity Score
EPSS Score0.1940%
EPSS Percentile36.24th
Published2020年3月19日
Last Modified2024年11月21日

Vulnerability Description

D-Link DSL-2875AL devices through 1.00.05 are prone to password disclosure via a simple crafted /romfile.cfg request to the web management server. This request doesn't require any authentication and will lead to saving the configuration file. The password is stored in cleartext.

Affected Platforms (CPE)

💻
Dlink

Dsl 2875al Firmware

<= 1.00.05

References & Advisories

🔗 https://www.dlink.com/en/security-bulletin
🔗 https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=26165
🔗 https://www.dlink.com/en/security-bulletin
🔗 https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=26165

関連する脆弱性情報

CVE-2019-002010.0

Juniper ATP ships with hard coded credentials in the Web Collector instance which gives an attacker the ability to take full contr...

CVE-2019-002210.0

Juniper ATP ships with hard coded credentials in the Cyphort Core instance which gives an attacker the ability to take full contro...

CVE-2019-390510.0

Zoho ManageEngine ADSelfService Plus 5.x before build 5703 has SSRF.

CVE-2019-623510.0

A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12...