CVE-2019-19598
First published: Thu Dec 05 2019(Updated: )
D-Link DAP-1860 devices before v1.04b03 Beta allow access to administrator functions without authentication via the HNAP_AUTH header timestamp value. In HTTP requests, part of the HNAP_AUTH header is the timestamp used to determine the time when the user sent the request. If this value is equal to the value stored in the device's /var/hnap/timestamp file, the request will pass the HNAP_AUTH check function.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dlink Dap-1860 Firmware | =1.01b06 | |
| Dlink Dap-1860 Firmware | =1.02b01 | |
| Dlink Dap-1860 Firmware | =1.04b01 | |
| Dlink Dap-1860 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-19598?
CVE-2019-19598 is a vulnerability in D-Link DAP-1860 devices that allows access to administrator functions without authentication.
How does CVE-2019-19598 work?
CVE-2019-19598 allows unauthorized access by bypassing authentication via the HNAP_AUTH header timestamp value.
Is my D-Link DAP-1860 device affected by CVE-2019-19598?
If you are using D-Link DAP-1860 devices before v1.04b03 Beta, your device may be affected by CVE-2019-19598.
How can I fix CVE-2019-19598?
To fix CVE-2019-19598, you should update your D-Link DAP-1860 device to version v1.04b03 Beta or later.
What is the severity of CVE-2019-19598?
CVE-2019-19598 has a severity rating of 8.8 (high).
- collector/nvd-index
- agent/author
- agent/severity
- agent/weakness
- agent/references
- agent/tags
- agent/type
- agent/description
- agent/event
- agent/last-modified-date
- vendor/dlink
- canonical/dlink dap-1860 firmware
- version/dlink dap-1860 firmware/1.01b06
- version/dlink dap-1860 firmware/1.02b01
- version/dlink dap-1860 firmware/1.04b01
- canonical/dlink dap-1860