PT-2019-13618 · D Link · D-Link 6600-Ap+1

Published

2019-08-01

Updated

2021-04-23

CVE-2019-14336

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions D-Link 6600-AP and DWL-3600AP Ax version 4.2.0.14

Description An issue allows for a post-authenticated dump of all configuration files through a certain "admin.cgi?action=" insecure HTTP request.

Recommendations For D-Link 6600-AP and DWL-3600AP Ax version 4.2.0.14, consider restricting access to the "admin.cgi" endpoint until a patch is available. Avoid using the "action" parameter in the affected HTTP request to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2019-14336

Affected Products

D-Link 6600-Ap

Dwl-3600Ap Ax

PT-2019-13618 · D Link · D-Link 6600-Ap+1

CVE-2019-14336

Related Identifiers

Affected Products

References · 5