Sign-up

ID

VAR-201912-1374


CVE

CVE-2019-19597


TITLE

D-Link DAP-1860 Authentication vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2019-012998

DESCRIPTION

D-Link DAP-1860 devices before v1.04b03 Beta allow arbitrary remote code execution as root without authentication via shell metacharacters within an HNAP_AUTH HTTP header. D-Link DAP-1860 The device contains an authentication vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. D-Link DAP-1860 is a WiFi range extender from Taiwan D-Link. D-Link DAP-1860 has a remote code execution vulnerability

Trust: 2.16

sources: NVD: CVE-2019-19597 // JVNDB: JVNDB-2019-012998 // CNVD: CNVD-2020-01275

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-01275

AFFECTED PRODUCTS

vendor:dlinkmodel:dap-1860scope:eqversion:1.01b06

Trust: 1.0

vendor:dlinkmodel:dap-1860scope:eqversion:1.02b01

Trust: 1.0

vendor:dlinkmodel:dap-1860scope:eqversion:1.04b01

Trust: 1.0

vendor:d linkmodel:dap-1860scope:ltversion:1.04b03 beta

Trust: 0.8

vendor:d linkmodel:dap-1860 <1.04b03 betascope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2020-01275 // JVNDB: JVNDB-2019-012998 // NVD: CVE-2019-19597

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-19597
value: HIGH

Trust: 1.0

NVD: CVE-2019-19597
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-01275
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201912-215
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2019-19597
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-01275
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-19597
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-19597
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-01275 // JVNDB: JVNDB-2019-012998 // CNNVD: CNNVD-201912-215 // NVD: CVE-2019-19597

PROBLEMTYPE DATA

problemtype:CWE-863

Trust: 1.0

problemtype:CWE-287

Trust: 0.8

sources: JVNDB: JVNDB-2019-012998 // NVD: CVE-2019-19597

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201912-215

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201912-215

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-012998

PATCH
title:SAP10135url:https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10135
Trust: 0.8
title:Patch for D-Link DAP-1860 Remote Code Execution Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/196587
Trust: 0.6
title:D-Link DAP-1860 Remediation measures for authorization problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=105262
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-01275 // 
            
            
            
            JVNDB: JVNDB-2019-012998 // 
            
            
            
            CNNVD: CNNVD-201912-215

EXTERNAL IDS
db:NVDid:CVE-2019-19597
Trust: 3.0
db:DLINKid:SAP10135
Trust: 1.6
db:JVNDBid:JVNDB-2019-012998
Trust: 0.8
db:CNVDid:CNVD-2020-01275
Trust: 0.6
db:CNNVDid:CNNVD-201912-215
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-01275 // 
            
            
            
            JVNDB: JVNDB-2019-012998 // 
            
            
            
            CNNVD: CNNVD-201912-215 // 
            
            
            
            NVD: CVE-2019-19597

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2019-19597
Trust: 2.0
url:https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10135
Trust: 1.6
url:https://chung96vn.wordpress.com/2019/11/15/d-link-dap-1860-vulnerabilities/
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19597
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2020-01275 // 
            
            
            
            JVNDB: JVNDB-2019-012998 // 
            
            
            
            CNNVD: CNNVD-201912-215 // 
            
            
            
            NVD: CVE-2019-19597

SOURCES
db:CNVDid:CNVD-2020-01275
db:JVNDBid:JVNDB-2019-012998
db:CNNVDid:CNNVD-201912-215
db:NVDid:CVE-2019-19597

LAST UPDATE DATE
2024-11-23T21:36:16.347000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-01275date:2020-01-10T00:00:00
db:JVNDBid:JVNDB-2019-012998date:2019-12-18T00:00:00
db:CNNVDid:CNNVD-201912-215date:2020-08-25T00:00:00
db:NVDid:CVE-2019-19597date:2024-11-21T04:35:01.310

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-01275date:2020-01-09T00:00:00
db:JVNDBid:JVNDB-2019-012998date:2019-12-18T00:00:00
db:CNNVDid:CNNVD-201912-215date:2019-12-04T00:00:00
db:NVDid:CVE-2019-19597date:2019-12-05T04:15:11.757