First published: Thu Dec 05 2019(Updated: )
D-Link DAP-1860 devices before v1.04b03 Beta allow access to administrator functions without authentication via the HNAP_AUTH header timestamp value. In HTTP requests, part of the HNAP_AUTH header is the timestamp used to determine the time when the user sent the request. If this value is equal to the value stored in the device's /var/hnap/timestamp file, the request will pass the HNAP_AUTH check function.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Dlink Dap-1860 Firmware | =1.01b06 | |
Dlink Dap-1860 Firmware | =1.02b01 | |
Dlink Dap-1860 Firmware | =1.04b01 | |
Dlink Dap-1860 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-19598 is a vulnerability in D-Link DAP-1860 devices that allows access to administrator functions without authentication.
CVE-2019-19598 allows unauthorized access by bypassing authentication via the HNAP_AUTH header timestamp value.
If you are using D-Link DAP-1860 devices before v1.04b03 Beta, your device may be affected by CVE-2019-19598.
To fix CVE-2019-19598, you should update your D-Link DAP-1860 device to version v1.04b03 Beta or later.
CVE-2019-19598 has a severity rating of 8.8 (high).