Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
739
VMScore

CVE-2019-19598

Published: 05/12/2019 Updated: 14/12/2019
CVSS v2 Base Score: 8.3 | Impact Score: 10 | Exploitability Score: 6.5
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 739
Vector: AV:A/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Dlink

Vulnerability Summary

D-Link DAP-1860 devices before v1.04b03 Beta allow access to administrator functions without authentication via the HNAP_AUTH header timestamp value. In HTTP requests, part of the HNAP_AUTH header is the timestamp used to determine the time when the user sent the request. If this value is equal to the value stored in the device's /var/hnap/timestamp file, the request will pass the HNAP_AUTH check function.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

dlink dap-1860_firmware 1.01b06

dlink dap-1860_firmware 1.02b01

dlink dap-1860_firmware 1.04b01

References

CWE-287https://chung96vn.wordpress.com/2019/11/15/d-link-dap-1860-vulnerabilities/https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10135https://nvd.nist.gov
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48654CVE-2024-2757authentication bypassCVE-2024-3194CVE-2024-33640CVE-2024-21111dosinsecure direct object referenceCVE-2024-21345
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook