Published: 01/08/2019 Updated: 09/08/2019
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

An issue exists on D-Link 6600-AP and DWL-3600AP Ax 21/03/2019 devices. There is post-authenticated dump of all of the config files through a certain admin.cgi?action= insecure HTTP request.

Vulnerability Trend

Affected Products

Vendor Product Versions
Dlink6600-ap Firmware4.2.0.14
DlinkDwl-3600ap Firmware4.2.0.14

Mailing Lists

D-Link 6600-AP suffers from cross site scripting, key extraction, shell escape, config file disclosure, and denial of service vulnerabilities ...