ID

VAR-202005-0562


CVE

CVE-2019-18666


TITLE

D-Link DAP-1360 vulnerability related to lack of authentication on the device

Trust: 0.8

sources: JVNDB: JVNDB-2019-015597

DESCRIPTION

An issue was discovered on D-Link DAP-1360 revision F devices. Remote attackers can start a telnet service without authorization via an undocumented HTTP request. Although this is the primary vulnerability, the impact depends on the firmware version. Versions 609EU through 613EUbeta were tested. Versions through 6.12b01 have weak root credentials, allowing an attacker to gain remote root access. After 6.12b01, the root credentials were changed but the telnet service can still be started without authorization. D-Link DAP-1360 devices contain a vulnerability related to lack of authentication. Information may be obtained or tampered with, and service operation may be interrupted (DoS). D-Link DAP-1360 is a wireless network signal extender from D-Link, Taiwan. There is a security vulnerability in D-Link DAP-1360 (all Fx hardware versions) using firmware v6.13EUb01 and earlier.

Trust: 2.16

sources: NVD: CVE-2019-18666 // JVNDB: JVNDB-2019-015597 // CNVD: CNVD-2020-33176

IOT TAXONOMY

category: ['Network device'] sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-33176

AFFECTED PRODUCTS

vendor: dlink model: dap-1360 revision f scope: lte version: 6.12b01

Trust: 1.0

vendor: d link model: dap-1360 scope: eq version: 6.12b01

Trust: 0.8

vendor: d link model: dap-1360 <=v6.13eub01 scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2020-33176 // JVNDB: JVNDB-2019-015597 // NVD: CVE-2019-18666

CVSS

SEVERITY

nvd@nist.gov: CVE-2019-18666
value: CRITICAL

Trust: 1.0

NVD: JVNDB-2019-015597
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2020-33176
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202005-829
value: CRITICAL

Trust: 0.6

CVSSV2

nvd@nist.gov: CVE-2019-18666
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2019-015597
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-33176
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

nvd@nist.gov: CVE-2019-18666
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2019-015597
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-33176 // JVNDB: JVNDB-2019-015597 // CNNVD: CNNVD-202005-829 // NVD: CVE-2019-18666

PROBLEMTYPE DATA

problemtype: CWE-306

Trust: 1.0

problemtype: CWE-862

Trust: 0.8

sources: JVNDB: JVNDB-2019-015597 // NVD: CVE-2019-18666

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202005-829

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-202005-829

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-015597

PATCH

title: (non-US) DAP-1360 :: CVE-2019-18666 :: H/W Rev. Fx :: F/W 6.13EUb01 and older :: Unauthenticated Command Bypass to Elevated Privileges
url: https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10171

Trust: 0.8

title: Patch for D-Link DAP-1360 Privilege Elevation Vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/221795

Trust: 0.6

title: D-Link DAP-136 Security vulnerabilities
url: http://123.124.177.30/web/xxk/bdxqById.tag?id=119353

Trust: 0.6

sources: CNVD: CNVD-2020-33176 // JVNDB: JVNDB-2019-015597 // CNNVD: CNNVD-202005-829

EXTERNAL IDS

db: NVD id: CVE-2019-18666

Trust: 3.0

db: DLINK id: SAP10171

Trust: 1.6

db: JVNDB id: JVNDB-2019-015597

Trust: 0.8

db: CNVD id: CNVD-2020-33176

Trust: 0.6

db: CNNVD id: CNNVD-202005-829

Trust: 0.6

sources: CNVD: CNVD-2020-33176 // JVNDB: JVNDB-2019-015597 // CNNVD: CNNVD-202005-829 // NVD: CVE-2019-18666

REFERENCES

url: https://nvd.nist.gov/vuln/detail/cve-2019-18666

Trust: 2.0

url: https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10171

Trust: 1.6

url: https://daschloer.github.io/sec/dlink-dap-1360.html

Trust: 1.6

url: http://c1a.eu/dlink-dap-1360.html

Trust: 1.6

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18666

Trust: 0.8

sources: CNVD: CNVD-2020-33176 // JVNDB: JVNDB-2019-015597 // CNNVD: CNNVD-202005-829 // NVD: CVE-2019-18666

SOURCES

db: CNVD id: CNVD-2020-33176
db: JVNDB id: JVNDB-2019-015597
db: CNNVD id: CNNVD-202005-829
db: NVD id: CVE-2019-18666

LAST UPDATE DATE

2024-11-23T22:41:05.629000+00:00


SOURCES UPDATE DATE

db: CNVD id: CNVD-2020-33176 date: 2020-06-16T00:00:00
db: JVNDB id: JVNDB-2019-015597 date: 2020-06-19T00:00:00
db: CNNVD id: CNNVD-202005-829 date: 2023-04-27T00:00:00
db: NVD id: CVE-2019-18666 date: 2024-11-21T04:33:29.393

SOURCES RELEASE DATE

db: CNVD id: CNVD-2020-33176 date: 2020-06-16T00:00:00
db: JVNDB id: JVNDB-2019-015597 date: 2020-06-19T00:00:00
db: CNNVD id: CNNVD-202005-829 date: 2020-05-15T00:00:00
db: NVD id: CVE-2019-18666 date: 2020-05-15T18:15:13.010