CVE-2019-19598 - OpenCVE

D-Link DAP-1860 devices before v1.04b03 Beta allow access to administrator functions without authentication via the HNAP_AUTH header timestamp value. In HTTP requests, part of the HNAP_AUTH header is the timestamp used to determine the time when the user sent the request. If this value is equal to the value stored in the device's /var/hnap/timestamp file, the request will pass the HNAP_AUTH check function.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:A/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Dlink	Dap-1860 Dap-1860 Firmware

Configuration 1 [-]

AND

OR	cpe:2.3:o:dlink:dap-1860_firmware:1.01b06:::::::*
	cpe:2.3:o:dlink:dap-1860_firmware:1.02b01:::::::*
	cpe:2.3:o:dlink:dap-1860_firmware:1.04b01:::::::*

cpe:2.3:h:dlink:dap-1860:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://chung96vn.wordpress.com/2019/11/15/d-link-dap-1860-vulnerabilities/
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10135

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-12-05T03:07:05

Updated: 2024-08-05T02:25:11.437Z

Reserved: 2019-12-05T00:00:00

Link: CVE-2019-19598

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2019-12-05T04:15:11.817

Modified: 2019-12-14T13:41:39.790

Link: CVE-2019-19598

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "D-Link DAP-1860 devices before v1.04b03 Beta allow access to administrator functions without authentication via the HNAP_AUTH header timestamp value. In HTTP requests, part of the HNAP_AUTH header is the timestamp used to determine the time when the user sent the request. If this value is equal to the value stored in the device's /var/hnap/timestamp file, the request will pass the HNAP_AUTH check function."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-12-05T03:07:05", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10135"}, {"tags": ["x_refsource_MISC"], "url": "https://chung96vn.wordpress.com/2019/11/15/d-link-dap-1860-vulnerabilities/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-19598", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "D-Link DAP-1860 devices before v1.04b03 Beta allow access to administrator functions without authentication via the HNAP_AUTH header timestamp value. In HTTP requests, part of the HNAP_AUTH header is the timestamp used to determine the time when the user sent the request. If this value is equal to the value stored in the device's /var/hnap/timestamp file, the request will pass the HNAP_AUTH check function."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10135", "refsource": "MISC", "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10135"}, {"name": "https://chung96vn.wordpress.com/2019/11/15/d-link-dap-1860-vulnerabilities/", "refsource": "MISC", "url": "https://chung96vn.wordpress.com/2019/11/15/d-link-dap-1860-vulnerabilities/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T02:25:11.437Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10135"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://chung96vn.wordpress.com/2019/11/15/d-link-dap-1860-vulnerabilities/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-19598", "datePublished": "2019-12-05T03:07:05", "dateReserved": "2019-12-05T00:00:00", "dateUpdated": "2024-08-05T02:25:11.437Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dlink:dap-1860_firmware:1.01b06:*:*:*:*:*:*:*", "matchCriteriaId": "09CFFD20-05B2-4C25-857F-96CA8B704A8B", "vulnerable": true}, {"criteria": "cpe:2.3:o:dlink:dap-1860_firmware:1.02b01:*:*:*:*:*:*:*", "matchCriteriaId": "51665047-BD46-4892-9FB7-9C26C9A563B3", "vulnerable": true}, {"criteria": "cpe:2.3:o:dlink:dap-1860_firmware:1.04b01:*:*:*:*:*:*:*", "matchCriteriaId": "504F1D40-9ED8-4A48-94A3-1CD74FA669FF", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dlink:dap-1860:-:*:*:*:*:*:*:*", "matchCriteriaId": "D6579D66-FD76-4F30-A49A-E3CA406836B2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "D-Link DAP-1860 devices before v1.04b03 Beta allow access to administrator functions without authentication via the HNAP_AUTH header timestamp value. In HTTP requests, part of the HNAP_AUTH header is the timestamp used to determine the time when the user sent the request. If this value is equal to the value stored in the device's /var/hnap/timestamp file, the request will pass the HNAP_AUTH check function."}, {"lang": "es", "value": "Los dispositivos D-Link DAP-1860 versiones anteriores a v1.04b03 Beta, permiten el acceso a las funciones de administrador sin autenticaci\u00f3n por medio del valor de marca de tiempo del encabezado HNAP_AUTH. En las peticiones HTTP, parte del encabezado HNAP_AUTH es la marca de tiempo usada para determinar la hora en que el usuario envi\u00f3 la petici\u00f3n. Si este valor es igual al valor almacenado en el archivo /var/hnap/timestamp del dispositivo, la petici\u00f3n pasar\u00e1 la funci\u00f3n de comprobaci\u00f3n de HNAP_AUTH."}], "id": "CVE-2019-19598", "lastModified": "2019-12-14T13:41:39.790", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 8.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-12-05T04:15:11.817", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://chung96vn.wordpress.com/2019/11/15/d-link-dap-1860-vulnerabilities/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10135"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}