An issue was discovered on D-Link 6600-AP, DWL-3600AP, and DWL-8610AP Ax 4.2.0.14 21/03/2019 devices. There is post-authenticated Certificate and RSA Private Key extraction through an insecure sslcert-get.cgi HTTP command.
CPE | Name | Operator | Version |
---|---|---|---|
6600-ap_firmware | eq | 4.2.0.14 | |
dwl-3600ap_firmware | eq | 4.2.0.14 | |
dwl-8610ap_firmware | eq | 4.2.0.14 |