D-Link DAP-1860 devices before v1.04b03 Beta allow access to administrator functions without authentication via the HNAP_AUTH header timestamp value. In HTTP requests, part of the HNAP_AUTH header is the timestamp used to determine the time when the user sent the request. If this value is equal to the value stored in the device's /var/hnap/timestamp file, the request will pass the HNAP_AUTH check function.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2019-12-05T03:07:05
Updated: 2024-08-05T02:25:11.437Z
Reserved: 2019-12-05T00:00:00
Link: CVE-2019-19598
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2019-12-05T04:15:11.817
Modified: 2019-12-14T13:41:39.790
Link: CVE-2019-19598
Redhat
No data.