CVE-2019-19597

Опубликовано: 05 дек. 2019

Источник: nvd

CVSS3: 8.8

CVSS2: 8.3

EPSS Низкий

Описание

D-Link DAP-1860 devices before v1.04b03 Beta allow arbitrary remote code execution as root without authentication via shell metacharacters within an HNAP_AUTH HTTP header.

Ссылки

https://chung96vn.wordpress.com/2019/11/15/d-link-dap-1860-vulnerabilities/
Exploit
Third Party Advisory
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10135
Third Party Advisory
https://chung96vn.wordpress.com/2019/11/15/d-link-dap-1860-vulnerabilities/
Exploit
Third Party Advisory
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10135
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:o:dlink:dap-1860_firmware:1.01b06:*:*:*:*:*:*:*

cpe:2.3:o:dlink:dap-1860_firmware:1.02b01:*:*:*:*:*:*:*

cpe:2.3:o:dlink:dap-1860_firmware:1.04b01:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dap-1860:-:*:*:*:*:*:*:*

EPSS

Процентиль: 92%

0.08432

Низкий

8.8 High

CVSS3

8.3 High

CVSS2

Дефекты

CWE-863

Связанные уязвимости

GHSA-3vwg-cxp6-wf3x

github

больше 3 лет назад