CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-27864 – D-Link DAP-1860 HNAP Authorization Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-27864
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1860 firmware version 1.04B03 WiFi extenders. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HNAP service, which listens on TCP port 80 by default. When parsing the Authorization request header, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the device. • https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10197 https://www.zerodayinitiative.com/advisories/ZDI-20-1428 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-27865 – D-Link DAP-1860 uhttpd Authentication Bypass Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-27865
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1860 firmware version 1.04B03 WiFi extenders. Authentication is not required to exploit this vulnerability. The specific flaw exists within the uhttpd service, which listens on TCP port 80 by default. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the device. • https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10197 https://www.zerodayinitiative.com/advisories/ZDI-20-1429 • CWE-287: Improper Authentication CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 8.0EPSS: 0%CPEs: 2EXPL: 0CVE-2020-15631 – D-Link DAP-1860 HNAP SOAPAction Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-15631
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1860 1.04B03_HOTFIX WiFi extenders. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the HNAP service, which listens on TCP port 80 by default. When parsing the SOAPAction header, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the device. • https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10185 https://www.zerodayinitiative.com/advisories/ZDI-20-879 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 1CVE-2019-19597
https://notcve.org/view.php?id=CVE-2019-19597
D-Link DAP-1860 devices before v1.04b03 Beta allow arbitrary remote code execution as root without authentication via shell metacharacters within an HNAP_AUTH HTTP header. Los dispositivos D-Link DAP-1860 versiones anteriores a v1.04b03 Beta, permiten una ejecución arbitraria de código remoto como root sin autenticación por medio de metacaracteres de shell dentro de un encabezado HTTP HNAP_AUTH. • https://chung96vn.wordpress.com/2019/11/15/d-link-dap-1860-vulnerabilities https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10135 • CWE-863: Incorrect Authorization •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 1CVE-2019-19598
https://notcve.org/view.php?id=CVE-2019-19598
D-Link DAP-1860 devices before v1.04b03 Beta allow access to administrator functions without authentication via the HNAP_AUTH header timestamp value. In HTTP requests, part of the HNAP_AUTH header is the timestamp used to determine the time when the user sent the request. If this value is equal to the value stored in the device's /var/hnap/timestamp file, the request will pass the HNAP_AUTH check function. Los dispositivos D-Link DAP-1860 versiones anteriores a v1.04b03 Beta, permiten el acceso a las funciones de administrador sin autenticación por medio del valor de marca de tiempo del encabezado HNAP_AUTH. En las peticiones HTTP, parte del encabezado HNAP_AUTH es la marca de tiempo usada para determinar la hora en que el usuario envió la petición. • https://chung96vn.wordpress.com/2019/11/15/d-link-dap-1860-vulnerabilities https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10135 • CWE-287: Improper Authentication •