Vulnerability Description
An issue was discovered on D-Link DAP-1360 revision F devices. Remote attackers can start a telnet service without authorization via an undocumented HTTP request. Although this is the primary vulnerability, the impact depends on the firmware version. Versions 609EU through 613EUbeta were tested. Versions through 6.12b01 have weak root credentials, allowing an attacker to gain remote root access. After 6.12b01, the root credentials were changed but the telnet service can still be started without authorization.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dlink | Dap-1360 Revision F Firmware | <= 6.12b01 |
| Dlink | Dap-1360 Revision F | - |
Related Weaknesses (CWE)
References
- http://c1a.eu/dlink-dap-1360.htmlExploitThird Party Advisory
- https://daschloer.github.io/sec/dlink-dap-1360.htmlExploitThird Party Advisory
- https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP1PatchVendor Advisory
- http://c1a.eu/dlink-dap-1360.htmlExploitThird Party Advisory
- https://daschloer.github.io/sec/dlink-dap-1360.htmlExploitThird Party Advisory
- https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP1PatchVendor Advisory
FAQ
What is CVE-2019-18666?
CVE-2019-18666 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An issue was discovered on D-Link DAP-1360 revision F devices. Remote attackers can start a telnet service without authorization via an undocumented HTTP request. Although this is the primary vulnerab...
How severe is CVE-2019-18666?
CVE-2019-18666 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2019-18666?
Check the references section above for vendor advisories and patch information. Affected products include: Dlink Dap-1360 Revision F Firmware, Dlink Dap-1360 Revision F.