D-Link DSL-2875AL Password Disclosure Vulnerability

D-Link DSL-2875AL Password Disclosure Vulnerability

CVE-2019-15655 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

D-Link DSL-2875AL devices through 1.00.05 are prone to password disclosure via a simple crafted /romfile.cfg request to the web management server. This request doesn't require any authentication and will lead to saving the configuration file. The password is stored in cleartext.

Learn more about our Web App Pen Testing.