CVE-2019-18666

{"id": "CVE-2019-18666", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2020-05-15T18:15:13.010", "references": [{"url": "http://c1a.eu/dlink-dap-1360.html", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://daschloer.github.io/sec/dlink-dap-1360.html", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10171", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://c1a.eu/dlink-dap-1360.html", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://daschloer.github.io/sec/dlink-dap-1360.html", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10171", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-306"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered on D-Link DAP-1360 revision F devices. Remote attackers can start a telnet service without authorization via an undocumented HTTP request. Although this is the primary vulnerability, the impact depends on the firmware version. Versions 609EU through 613EUbeta were tested. Versions through 6.12b01 have weak root credentials, allowing an attacker to gain remote root access. After 6.12b01, the root credentials were changed but the telnet service can still be started without authorization."}, {"lang": "es", "value": "Se ha detectado un problema en los dispositivos D-Link DAP-1360 revision F. Los atacantes remotos pueden iniciar un servicio telnet sin autorizaci\u00f3n por medio de una petici\u00f3n HTTP no documentada. Aunque \u00e9sta es la principal vulnerabilidad, el impacto depende de la versi\u00f3n del firmware. Las versiones 609EU a 613EUbeta fueron probadas. Las versiones hasta la 6.12b01 contienen credenciales root d\u00e9biles, permitiendo a un atacante conseguir acceso root remoto. Despu\u00e9s de la versi\u00f3n 6.12b01, las credenciales root fueron cambiadas pero el servicio telnet todav\u00eda puede ser iniciado sin autorizaci\u00f3n."}], "lastModified": "2024-11-21T04:33:29.393", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dlink:dap-1360_revision_f_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0FF25920-0137-423F-8D6D-6509D59DC2D0", "versionEndIncluding": "6.12b01"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dlink:dap-1360_revision_f:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "013E7007-A652-4B77-A274-975D7387ABAD"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}