CVE-2019-19598
published 2019-12-05CVE-2019-19598: D-Link DAP-1860 devices before v1.04b03 Beta allow access to administrator functions without authentication via the HNAP_AUTH header timestamp value. In HTTP…
high8.8CVSS 3.1
AVAACLPRNUINSUCHIHAH
D-Link DAP-1860 devices before v1.04b03 Beta allow access to administrator functions without authentication via the HNAP_AUTH header timestamp value. In HTTP requests, part of the HNAP_AUTH header is the timestamp used to determine the time when the user sent the request. If this value is equal to the value stored in the device's /var/hnap/timestamp file, the request will pass the HNAP_AUTH check function.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dlink | dap-1860_firmware | — | — |
| dlink | dap-1860_firmware | — | — |
| dlink | dap-1860_firmware | — | — |