CVE-2019-13263 - D-link DIR-825AC G1 devices have Insufficient Compartmentalization between a host network and a gues

CVE-2019-13263

Summary

D-link DIR-825AC G1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. A DHCP Request is sent to the router with a certain Transaction ID field. Following the DHCP protocol, the router responds with an ACK or NAK message. Studying the NAK case revealed that the router erroneously sends the NAK to both Host and Guest networks with the same Transaction ID as found in the DHCP Request. This allows encoding of data to be sent cross-router into the 32-bit Transaction ID field.

References

Vulnerable Configurations

cpe:2.3:o:dlink:dir-825\/ac_g1_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-825\/ac_g1_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-825\/ac_g1:-:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-825\/ac_g1:-:*:*:*:*:*:*:*

CVSS

Base:	5.8 (as of 27-04-2023 - 14:29)
Impact:
Exploitability:

CWE

CWE-669

CAPEC

Access

Vector	Complexity	Authentication
ADJACENT_NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:A/AC:L/Au:N/C:P/I:P/A:P

refmap via4

misc

Last major update

27-04-2023 - 14:29

Published

27-08-2019 - 18:15

Last modified

27-04-2023 - 14:29