CVE-2019-19597
published 2019-12-05CVE-2019-19597: D-Link DAP-1860 devices before v1.04b03 Beta allow arbitrary remote code execution as root without authentication via shell metacharacters within an HNAP_AUTH…
high8.8CVSS 3.1
AVAACLPRNUINSUCHIHAH
ITW
Exploited in the wild
D-Link DAP-1860 devices before v1.04b03 Beta allow arbitrary remote code execution as root without authentication via shell metacharacters within an HNAP_AUTH HTTP header.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dlink | dap-1860_firmware | — | — |
| dlink | dap-1860_firmware | — | — |
| dlink | dap-1860_firmware | — | — |
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vulncheck8.8HIGH