CVE-2019-18666

An issue was discovered on D-Link DAP-1360 revision F devices. Remote attackers can start a telnet service without authorization via an undocumented HTTP request. Although this is the primary vulnerability, the impact depends on the firmware version. Versions 609EU through 613EUbeta were tested. Versions through 6.12b01 have weak root credentials, allowing an attacker to gain remote root access. After 6.12b01, the root credentials were changed but the telnet service can still be started without authorization.

CVSS v3 9.8 CRITICAL
CVSS v2.0 10.0 HIGH

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://c1a.eu/dlink-dap-1360.html	Exploit Third Party Advisory
https://daschloer.github.io/sec/dlink-dap-1360.html	Exploit Third Party Advisory
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10171	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:dlink:dap-1360_revision_f_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dap-1360_revision_f:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-05-15 18:15

Updated : 2024-02-28 17:47

NVD link : CVE-2019-18666

Mitre link : CVE-2019-18666

CVE.ORG link : CVE-2019-18666

JSON object : View

Products Affected

dlink

dap-1360_revision_f_firmware
dap-1360_revision_f

CWE

CWE-306

Missing Authentication for Critical Function

{"id": "CVE-2019-18666", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2020-05-15T18:15:13.010", "references": [{"url": "http://c1a.eu/dlink-dap-1360.html", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://daschloer.github.io/sec/dlink-dap-1360.html", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10171", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-306"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered on D-Link DAP-1360 revision F devices. Remote attackers can start a telnet service without authorization via an undocumented HTTP request. Although this is the primary vulnerability, the impact depends on the firmware version. Versions 609EU through 613EUbeta were tested. Versions through 6.12b01 have weak root credentials, allowing an attacker to gain remote root access. After 6.12b01, the root credentials were changed but the telnet service can still be started without authorization."}, {"lang": "es", "value": "Se ha detectado un problema en los dispositivos D-Link DAP-1360 revision F. Los atacantes remotos pueden iniciar un servicio telnet sin autorizaci\u00f3n por medio de una petici\u00f3n HTTP no documentada. Aunque \u00e9sta es la principal vulnerabilidad, el impacto depende de la versi\u00f3n del firmware. Las versiones 609EU a 613EUbeta fueron probadas. Las versiones hasta la 6.12b01 contienen credenciales root d\u00e9biles, permitiendo a un atacante conseguir acceso root remoto. Despu\u00e9s de la versi\u00f3n 6.12b01, las credenciales root fueron cambiadas pero el servicio telnet todav\u00eda puede ser iniciado sin autorizaci\u00f3n."}], "lastModified": "2023-04-26T19:27:52.350", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dlink:dap-1360_revision_f_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0FF25920-0137-423F-8D6D-6509D59DC2D0", "versionEndIncluding": "6.12b01"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dlink:dap-1360_revision_f:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "013E7007-A652-4B77-A274-975D7387ABAD"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}