How severe is CVE-2019-13263?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2019-13263?

This is classified as CWE-669, which is a common weakness in software security.

CVE-2019-13263 - HIGH Severity | CVSS 8.8

Vulnerability Description

D-link DIR-825AC G1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. A DHCP Request is sent to the router with a certain Transaction ID field. Following the DHCP protocol, the router responds with an ACK or NAK message. Studying the NAK case revealed that the router erroneously sends the NAK to both Host and Guest networks with the same Transaction ID as found in the DHCP Request. This allows encoding of data to be sent cross-router into the 32-bit Transaction ID field.

Related Vulnerabilities

CVE-2019-11875

HIGH

CVSS:8.8(High)

In AutomateAppCore.dll in Blue Prism Robotic Process Automation 6.4.0.8445, a vulnerability in access control can be exploited to escalate privileges. The vulnerability allows for abusing the applicat...

CWE-6692019

CVE-2019-13266

HIGH

CVSS:8.8(High)

TP-Link Archer C3200 V1 and Archer C2 V1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. A DHCP Request is sent to th...

CWE-6692019

CVE-2020-25917

HIGH

CVSS:8.8(High)

Stratodesk NoTouch Center before 4.4.68 is affected by: Incorrect Access Control. A low privileged user on the platform, for example a user with "helpdesk" privileges, can perform privileged operation...

CWE-6692020

CVE-2021-45891

HIGH

CVSS:8.8(High)

An issue was discovered in Softwarebuero Zauner ARC 4.2.0.4., that allows attackers to escalate privileges within the application, since all permission checks are done client-side, not server-side.

CWE-6692021

CVE-2019-1020011

CRITICAL

CVSS:9.0(Critical)

SmokeDetector intentionally does automatic deployments of updated copies of SmokeDetector without server operator authority.

CWE-6692019

CVE-2025-41645

HIGH

CVSS:8.6(High)

An unauthenticated remote attacker could use a demo account of the portal to hijack devices that were created in that account by mistake.

CWE-6692025