CVE-2019-16190

Vulnerability

SharePort Web Access, a feature enabled by default on D-Link DIR-868L REVB (firmware up to 2.03), DIR-885L REVA (up to 1.20), and DIR-895L REVA (up to 1.21), fails to enforce authentication for certain endpoints. Direct requests to folder_view.php, category_view.php, or logininfo.xml bypass the login mechanism entirely. Additionally, the default administrator credentials are Admin with a blank password, further weakening access control [1].

Exploitation

An attacker with network access to the router's SharePort Web Access service (typically on TCP port 8181) can simply navigate to http://:8181/folder_view.php or similar paths without providing any credentials. No user interaction or prior authentication is required. The blog post demonstrates that the authentication function get_login_info() is called on page load but is not enforced for direct access to these PHP pages [1].

Impact

Successful exploitation grants an unauthenticated attacker read access to files stored on the USB drive connected to the router. This can lead to disclosure of sensitive data (e.g., documents, backups, personal files). The attacker does not gain administrative control over the router itself, but the confidentiality of attached storage is compromised [1].

Mitigation

As of the publication date (September 2019), no firmware update was available to fix this vulnerability; the listed firmware versions were the latest at the time [1]. Users should disable SharePort Web Access if not required, or restrict access to trusted networks via firewall rules. D-Link may have released patches after this disclosure; consult the vendor's support page for current firmware.