CVE-2019-19597 - D-Link DAP-1860 devices before v1.04b03 Beta allow arbitrary remote code execution as root without a

CVE-2019-19597

Summary

D-Link DAP-1860 devices before v1.04b03 Beta allow arbitrary remote code execution as root without authentication via shell metacharacters within an HNAP_AUTH HTTP header.

References

Vulnerable Configurations

cpe:2.3:o:dlink:dap-1860_firmware:1.01b06:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dap-1860_firmware:1.01b06:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dap-1860_firmware:1.02b01:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dap-1860_firmware:1.02b01:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dap-1860_firmware:1.04b01:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dap-1860_firmware:1.04b01:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dap-1860:-:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dap-1860:-:*:*:*:*:*:*:*

CVSS

Base:	8.3 (as of 24-08-2020 - 17:37)
Impact:
Exploitability:

CWE

CWE-863

CAPEC

Access

Vector	Complexity	Authentication
ADJACENT_NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:A/AC:L/Au:N/C:C/I:C/A:C

refmap via4

misc

Last major update

24-08-2020 - 17:37

Published

05-12-2019 - 04:15

Last modified

24-08-2020 - 17:37