Authentication Bypass in D-Link DAP-1650 Devices
CVE-2019-12768

9.8CRITICAL

Key Information:

Vendor: D-Link
Status: Dap-1650 Firmware
Vendor: CVE Published:; 30 December 2020

What is CVE-2019-12768?

An authentication bypass vulnerability was identified in D-Link DAP-1650 devices running firmware version v1.03b07 and earlier. This issue allows attackers to exploit the device by utilizing forceful browsing techniques, enabling unauthorized access to certain functionalities without proper authentication. Users of the DAP-1650 should ensure they update to firmware version 1.04B02_J65H Hot Fix or later to mitigate the risk associated with this vulnerability.

References

ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DAP-1650/REVA/D...

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 30, 2020
Vulnerability Reserved
Jun 7, 2019