An issue was discovered in /bin/goahead on D-Link DIR-823G devices with firmware 1.02B03. There is incorrect access control allowing remote attackers to get sensitive information (such as MAC address) about all clients in the WLAN via the GetClientInfo HNAP API. Consequently, an attacker can achieve information disclosure without authentication.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/106852 | Third Party Advisory |
https://github.com/leonW7/D-Link/blob/master/Vul_3.md | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-02-05T00:00:00
Updated: 2019-02-06T10:57:02
Reserved: 2019-02-04T00:00:00
Link: CVE-2019-7388
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-02-05T00:29:00.277
Modified: 2020-08-24T17:37:01.140
Link: CVE-2019-7388
JSON object: View
Redhat Information
No data.
CWE