CVE-2019-14334
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
21.9%
An issue was discovered on D-Link 6600-AP, DWL-3600AP, and DWL-8610AP Ax 4.2.0.14 21/03/2019 devices. There is post-authenticated Certificate and RSA Private Key extraction through an insecure sslcert-get.cgi HTTP command.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| dlink | 6600-ap_firmware | 4.2.0.14 | cpe:2.3:o:dlink:6600-ap_firmware:4.2.0.14:*:*:*:*:*:*:* |
| dlink | 6600-ap | - | cpe:2.3:h:dlink:6600-ap:-:*:*:*:*:*:*:* |
| dlink | dwl-3600ap_firmware | 4.2.0.14 | cpe:2.3:o:dlink:dwl-3600ap_firmware:4.2.0.14:*:*:*:*:*:*:* |
| dlink | dwl-3600ap | - | cpe:2.3:h:dlink:dwl-3600ap:-:*:*:*:*:*:*:* |
| dlink | dwl-8610ap_firmware | 4.2.0.14 | cpe:2.3:o:dlink:dwl-8610ap_firmware:4.2.0.14:*:*:*:*:*:*:* |
| dlink | dwl-8610ap | - | cpe:2.3:h:dlink:dwl-8610ap:-:*:*:*:*:*:*:* |
Related
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
21.9%