CVE-2019-14334

CWE-295 — Improper Certificate Validation4 documents4 sources

Severity

5.5MEDIUM

EPSS

0.0%

top 92.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dlink 6600-ap Firmware Dlink Dwl-3600ap Firmware Dlink Dwl-8610ap Firmware

Timeline

PublishedAug 1

Latest updateMay 24

Description

An issue was discovered on D-Link 6600-AP, DWL-3600AP, and DWL-8610AP Ax 4.2.0.14 21/03/2019 devices. There is post-authenticated Certificate and RSA Private Key extraction through an insecure sslcert-get.cgi HTTP command.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶NVDdlink/6600-ap_firmware4.2.0.14

▶NVDdlink/dwl-3600ap_firmware4.2.0.14

▶NVDdlink/dwl-8610ap_firmware4.2.0.14

🔴Vulnerability Details

GHSA

GHSA-8xmp-x69h-8jfq: An issue was discovered on D-Link 6600-AP, DWL-3600AP, and DWL-8610AP Ax 4↗2022-05-24

▶

CVEList

CVE-2019-14334: An issue was discovered on D-Link 6600-AP, DWL-3600AP, and DWL-8610AP Ax 4↗2019-08-01

▶

💬Community

Bugzilla

CVE-2019-12865 radare2: double free in cmd_mount in libr/core/cmd_mount.c↗2019-07-01

▶