Описание
An issue was discovered on D-Link 6600-AP, DWL-3600AP, and DWL-8610AP Ax 4.2.0.14 21/03/2019 devices. There is post-authenticated Certificate and RSA Private Key extraction through an insecure sslcert-get.cgi HTTP command.
Ссылки
- ExploitThird Party AdvisoryVDB Entry
- Vendor Advisory
- Vendor Advisory
- ExploitThird Party AdvisoryVDB Entry
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:dlink:6600-ap_firmware:4.2.0.14:*:*:*:*:*:*:*
cpe:2.3:h:dlink:6600-ap:-:*:*:*:*:*:*:*
Конфигурация 2
Одновременно
cpe:2.3:o:dlink:dwl-3600ap_firmware:4.2.0.14:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dwl-3600ap:-:*:*:*:*:*:*:*
Конфигурация 3
Одновременно
cpe:2.3:o:dlink:dwl-8610ap_firmware:4.2.0.14:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dwl-8610ap:-:*:*:*:*:*:*:*
EPSS
Процентиль: 7%
0.00026
Низкий
5.5 Medium
CVSS3
2.1 Low
CVSS2
Дефекты
CWE-295
Связанные уязвимости
github
больше 3 лет назад
An issue was discovered on D-Link 6600-AP, DWL-3600AP, and DWL-8610AP Ax 4.2.0.14 21/03/2019 devices. There is post-authenticated Certificate and RSA Private Key extraction through an insecure sslcert-get.cgi HTTP command.
EPSS
Процентиль: 7%
0.00026
Низкий
5.5 Medium
CVSS3
2.1 Low
CVSS2
Дефекты
CWE-295