CVE-2019-13101
An issue was discovered on D-Link DIR-600M 3.02, 3.03, 3.04, and 3.06 devices. wan.htm can be accessed directly without authentication, which can...
Basic Information
- CVE State
- PUBLISHED
- Reserved Date
- June 30, 2019
- Published Date
- August 08, 2019
- Last Updated
- August 04, 2024
- Vendor
- n/a
- Product
- n/a
- Description
- An issue was discovered on D-Link DIR-600M 3.02, 3.03, 3.04, and 3.06 devices. wan.htm can be accessed directly without authentication, which can lead to disclosure of information about the WAN, and can also be leveraged by an attacker to modify the data fields of the page.
- Tags
- Exploited in the Wild
- Yes (2025-09-16 00:00:00 UTC) Source
nuclei_scanner
CVSS Scores
CVSS v3.1
9.8 - CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v2.0
7.5
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Exploit Status
References
https://www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgment_7-2-19.pdf
https://us.dlink.com/en/security-advisory
https://github.com/d0x0/D-Link-DIR-600M/blob/master/CVE-2019-13101
http://packetstormsecurity.com/files/153994/D-Link-DIR-600M-Wireless-N-150-Home-Router-Access-Bypass.html
http://seclists.org/fulldisclosure/2019/Aug/5
https://seclists.org/bugtraq/2019/Aug/17
Known Exploited Vulnerability Information
| Source | Added Date |
|---|---|
| The Shadowserver (via CIRCL) | 2025-09-16 00:00:00 UTC |
Scanner Integrations
| Scanner | URL | Date Detected |
|---|---|---|
| Nuclei | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2019/CVE-2019-13101.yaml | 2025-04-25 00:00:00 UTC |
Timeline
-
CVE ID Reserved
-
CVE Published to Public
-
Detected by Nuclei
-
Added to KEVIntel