Auth bypass in Dlink Dir-816

CVE-2019-7642

D-Link routers with the mydlink feature have some web interfaces without authentication requirements. An attacker can remotely obtain users' DNS query logs and login logs. Vulnerable targets include but are not limited to the latest firmwa…

Vulnerability class: Broken Authentication

EPSS: 0.026 (83.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.

Affected products

Weakness classification (CWE)

Public proof-of-concept exploits

References

Frequently asked questions

What is CVE-2019-7642?
CVE-2019-7642 is a high-severity vulnerability in Dlink Dir-816, classified under Missing Authentication for Critical Function. CVSS score: 7.5/10. Published 2019-03-25.
How severe is CVE-2019-7642?
High severity. CVSS v3 base score is 7.5 out of 10.
Is CVE-2019-7642 known to be exploited?
3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.