CVE-2019-16190 : What You Need to Know

D-Link DIR-868L REVB, DIR-885L REVA, and DIR-895L REVA devices are vulnerable to an Authentication Bypass through SharePort Web Access.

Understanding CVE-2019-16190

This CVE identifies a security vulnerability in D-Link routers that allows attackers to bypass authentication.

What is CVE-2019-16190?

The SharePort Web Access feature on specific D-Link router models can be exploited to bypass authentication by sending direct requests to certain files.

The Impact of CVE-2019-16190

This vulnerability could lead to unauthorized access to the router's settings and potentially compromise the network's security.

Technical Details of CVE-2019-16190

SharePort Web Access on D-Link DIR-868L REVB (up to version 2.03), DIR-885L REVA (up to version 1.20), and DIR-895L REVA (up to version 1.21) devices is affected.

Vulnerability Description

An attacker can exploit this vulnerability by directly requesting folder_view.php or category_view.php, enabling them to bypass authentication.

Affected Systems and Versions

D-Link DIR-868L REVB (up to version 2.03)
D-Link DIR-885L REVA (up to version 1.20)
D-Link DIR-895L REVA (up to version 1.21)

Exploitation Mechanism

Attackers can achieve Authentication Bypass by making direct requests to specific files within the SharePort Web Access feature.

Mitigation and Prevention

It is crucial to take immediate steps to secure the affected devices and implement long-term security practices.

Immediate Steps to Take

Disable SharePort Web Access feature on the affected D-Link routers.
Regularly monitor for any unauthorized access or changes in router settings.

Long-Term Security Practices

Keep router firmware up to date to patch known vulnerabilities.
Implement strong and unique passwords for router access.

Patching and Updates

Check for firmware updates from D-Link and apply them promptly to mitigate the vulnerability.