Authentication Bypass in D-Link DAP-1860 Devices
CVE-2019-19598

8.8HIGH

Key Information:

Vendor

D-Link
Status
Dap-1860 Firmware
Vendor
CVE Published:
5 December 2019

What is CVE-2019-19598?

The D-Link DAP-1860 devices prior to version 1.04b03 Beta are susceptible to an authentication bypass vulnerability that allows unauthorized access to administrator functions. This occurs due to improper validation of the HNAP_AUTH header timestamp value, which can be manipulated. If an attacker sends a request where the timestamp matches the stored value in the device's /var/hnap/timestamp file, the HNAP_AUTH check will erroneously validate the request, granting the attacker access to sensitive administrative functionalities. This flaw emphasizes the need for robust security measures in the management of network devices.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://supportannouncement.us.dlink.com/announcement/pub...
x_refsource_MISC
https://chung96vn.wordpress.com/2019/11/15/d-link-dap-186...
x_refsource_MISC

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.