CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-12768
https://notcve.org/view.php?id=CVE-2019-12768
An issue was discovered on D-Link DAP-1650 devices through v1.03b07 before 1.04B02_J65H Hot Fix. Attackers can bypass authentication via forceful browsing. Se detectó un problema en los dispositivos D-Link DAP-1650 versiones hasta v1.03b07 versiones anteriores a 1.04B02_J65H Hot Fix. Los atacantes pueden omitir la autenticación por medio de una navegación forzada. • ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DAP-1650/REVA/DAP-1650_REVA_RELEASE_NOTES_v1.04B02_J65H.pdf • CWE-425: Direct Request ('Forced Browsing') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-12767
https://notcve.org/view.php?id=CVE-2019-12767
An issue was discovered on D-Link DAP-1650 devices before 1.04B02_J65H Hot Fix. Attackers can execute arbitrary commands. Se detectó un problema en los dispositivos D-Link DAP-1650 versiones anteriores a 1.04B02_J65H Hot Fix. Los atacantes pueden ejecutar comandos arbitrarios. • ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DAP-1650/REVA/DAP-1650_REVA_RELEASE_NOTES_v1.04B02_J65H.pdf • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •