PT-2019-15884 · D-Link · D-Link DAP-1860

Nguyen Van Chung · Published 2019-12-05 · Updated 2019-12-14 · CVE-2019-19598

CVSS v3.1: 8.8 (High)

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

D-Link DAP-1860 versions prior to v1.04b03 Beta

Description

The issue allows access to administrator functions without authentication by manipulating the timestamp value in the HNAP_AUTH header of HTTP requests. This value is compared to the one stored in the device's /var/hnap/timestamp file. If the two values match, the request passes the authentication check.

Recommendations

For versions prior to v1.04b03 Beta, update to version v1.04b03 Beta or later to resolve the issue. As a temporary workaround, consider restricting access to the device's administrator functions until the update can be applied.

Exploit

Fix

Improper Authentication

Weakness Enumeration

Related Identifiers

CVE-2019-19598

Affected Products

D-Link DAP-1860