{"api_version":"1","generated_at":"2026-04-23T21:01:02+00:00","cve":"CVE-2019-13101","urls":{"html":"https://cve.report/CVE-2019-13101","api":"https://cve.report/api/cve/CVE-2019-13101.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2019-13101","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2019-13101"},"summary":{"title":"CVE-2019-13101","description":"An issue was discovered on D-Link DIR-600M 3.02, 3.03, 3.04, and 3.06 devices. wan.htm can be accessed directly without authentication, which can lead to disclosure of information about the WAN, and can also be leveraged by an attacker to modify the data fields of the page.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2019-08-08 13:15:00","updated_at":"2021-04-23 15:17:00"},"problem_types":["CWE-306"],"metrics":[],"references":[{"url":"https://github.com/d0x0/D-Link-DIR-600M/blob/master/CVE-2019-13101","name":"https://github.com/d0x0/D-Link-DIR-600M/blob/master/CVE-2019-13101","refsource":"MISC","tags":["Third Party Advisory"],"title":"D-Link-DIR-600M/CVE-2019-13101 at master · d0x0/D-Link-DIR-600M · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://us.dlink.com/en/security-advisory","name":"https://us.dlink.com/en/security-advisory","refsource":"MISC","tags":["Vendor Advisory"],"title":"Security Advisory | D-Link","mime":"text/html","httpstatus":"404","archivestatus":"200"},{"url":"http://seclists.org/fulldisclosure/2019/Aug/5","name":"20190809 Dlink-CVE-2019-13101","refsource":"FULLDISC","tags":["Mailing List","Third Party Advisory"],"title":"Full Disclosure: Dlink-CVE-2019-13101","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://seclists.org/bugtraq/2019/Aug/17","name":"20190813 Dlink-CVE-2019-13101","refsource":"BUGTRAQ","tags":["Mailing List","Third Party Advisory"],"title":"Bugtraq: Dlink-CVE-2019-13101","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://packetstormsecurity.com/files/153994/D-Link-DIR-600M-Wireless-N-150-Home-Router-Access-Bypass.html","name":"http://packetstormsecurity.com/files/153994/D-Link-DIR-600M-Wireless-N-150-Home-Router-Access-Bypass.html","refsource":"MISC","tags":["Third Party Advisory","VDB Entry"],"title":"D-Link DIR-600M Wireless N 150 Home Router Access Bypass ≈ Packet Storm","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgment_7-2-19.pdf","name":"https://www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgment_7-2-19.pdf","refsource":"MISC","tags":["Third Party Advisory","US Government Resource"],"title":"","mime":"application/pdf","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2019-13101","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-13101","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2019","cve_id":"13101","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"dlink","cpe5":"dir-600m","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"13101","vulnerable":"0","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"dlink","cpe5":"dir-600m","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"13101","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"dlink","cpe5":"dir-600m_firmware","cpe6":"3.02","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"13101","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"dlink","cpe5":"dir-600m_firmware","cpe6":"3.03","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"13101","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"dlink","cpe5":"dir-600m_firmware","cpe6":"3.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"13101","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"dlink","cpe5":"dir-600m_firmware","cpe6":"3.06","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"13101","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"dlink","cpe5":"dir-600m_firmware","cpe6":"3.02","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"13101","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"dlink","cpe5":"dir-600m_firmware","cpe6":"3.03","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"13101","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"dlink","cpe5":"dir-600m_firmware","cpe6":"3.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"13101","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"dlink","cpe5":"dir-600m_firmware","cpe6":"3.06","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2019-13101","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"An issue was discovered on D-Link DIR-600M 3.02, 3.03, 3.04, and 3.06 devices. wan.htm can be accessed directly without authentication, which can lead to disclosure of information about the WAN, and can also be leveraged by an attacker to modify the data fields of the page."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"https://www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgment_7-2-19.pdf","url":"https://www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgment_7-2-19.pdf"},{"refsource":"MISC","name":"https://us.dlink.com/en/security-advisory","url":"https://us.dlink.com/en/security-advisory"},{"refsource":"MISC","name":"https://github.com/d0x0/D-Link-DIR-600M/blob/master/CVE-2019-13101","url":"https://github.com/d0x0/D-Link-DIR-600M/blob/master/CVE-2019-13101"},{"refsource":"MISC","name":"http://packetstormsecurity.com/files/153994/D-Link-DIR-600M-Wireless-N-150-Home-Router-Access-Bypass.html","url":"http://packetstormsecurity.com/files/153994/D-Link-DIR-600M-Wireless-N-150-Home-Router-Access-Bypass.html"},{"refsource":"FULLDISC","name":"20190809 Dlink-CVE-2019-13101","url":"http://seclists.org/fulldisclosure/2019/Aug/5"},{"refsource":"BUGTRAQ","name":"20190813 Dlink-CVE-2019-13101","url":"https://seclists.org/bugtraq/2019/Aug/17"}]}},"nvd":{"publishedDate":"2019-08-08 13:15:00","lastModifiedDate":"2021-04-23 15:17:00","problem_types":["CWE-306"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL"},"exploitabilityScore":3.9,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":7.5},"severity":"HIGH","exploitabilityScore":10,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:dlink:dir-600m_firmware:3.02:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:dlink:dir-600m_firmware:3.03:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:dlink:dir-600m_firmware:3.04:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:dlink:dir-600m_firmware:3.06:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:dlink:dir-600m:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]}]}},"legacy_mitre":{"record":{"CveYear":"2019","CveId":"13101","Ordinal":"151459","Title":"CVE-2019-13101","CVE":"CVE-2019-13101","Year":"2019"},"notes":[{"CveYear":"2019","CveId":"13101","Ordinal":"1","NoteData":"An issue was discovered on D-Link DIR-600M 3.02, 3.03, 3.04, and 3.06 devices. wan.htm can be accessed directly without authentication, which can lead to disclosure of information about the WAN, and can also be leveraged by an attacker to modify the data fields of the page.","Type":"Description","Title":null},{"CveYear":"2019","CveId":"13101","Ordinal":"2","NoteData":"2019-08-08","Type":"Other","Title":"Published"},{"CveYear":"2019","CveId":"13101","Ordinal":"3","NoteData":"2019-08-13","Type":"Other","Title":"Modified"}]}}}