⚠ Exploited in the wild
Exploitation observed in the wild. Not yet on CISA KEV.

CVE-2019-19597

Severity: 8.8 HIGH
EPSS: 11.2% (top 6.49%)
CISA KEV: Not in KEV
Exploit: Exploited in wild (active exploitation observed)
Timeline
Published: Dec 5
Latest update: Jul 21

Description

D-Link DAP-1860 devices before v1.04b03 Beta allow arbitrary remote code execution as root without authentication via shell metacharacters within an HNAP_AUTH HTTP header.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (1 package)

NVD | dlink/dap-1860_firmware | 1.01b06, 1.02b01, 1.04b01 +2

🔴 Vulnerability Details (3)

GHSA
GHSA-3vwg-cxp6-wf3x: D-Link DAP-1860 devices before v1 (2022-05-24)
CVEList
CVE-2019-19597: D-Link DAP-1860 devices before v1 (2019-12-05)
VulnCheck
D-Link dap-1860_firmware Incorrect Authorization (2019)

🕵️ Threat Intelligence (1)

Unit42
Top CVEs to Patch: Insights from the 2022 Unit 42 Network Threat Trends Research Report (2022-07-21)