PT-2019-13618 · D Link · D-Link 6600-Ap+1

Publicado

2019-08-01

Atualizado

2021-04-23

CVE-2019-14336

CVSS v3.1

5.5

Média

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions D-Link 6600-AP and DWL-3600AP Ax version 4.2.0.14

Description An issue allows for a post-authenticated dump of all configuration files through a certain "admin.cgi?action=" insecure HTTP request.

Recommendations For D-Link 6600-AP and DWL-3600AP Ax version 4.2.0.14, consider restricting access to the "admin.cgi" endpoint until a patch is available. Avoid using the "action" parameter in the affected HTTP request to minimize the risk of exploitation.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2019-14336

Produtos afetados

D-Link 6600-Ap

Dwl-3600Ap Ax

PT-2019-13618 · D Link · D-Link 6600-Ap+1

CVE-2019-14336

Identificadores relacionados

Produtos afetados

Referências · 5