D-Link DAP-1860 devices before v1.04b03 Beta allow arbitrary remote code execution as root without authentication via shell metacharacters within an HNAP_AUTH HTTP header.
References
Link | Resource |
---|---|
https://chung96vn.wordpress.com/2019/11/15/d-link-dap-1860-vulnerabilities/ | Exploit Third Party Advisory |
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10135 | Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
No history.
Information
Published : 2019-12-05 04:15
Updated : 2024-02-28 17:28
NVD link : CVE-2019-19597
Mitre link : CVE-2019-19597
CVE.ORG link : CVE-2019-19597
JSON object : View
Products Affected
dlink
- dap-1860
- dap-1860_firmware
CWE
CWE-863
Incorrect Authorization