Design/Logic Flaw

2019-12-0504:15:00

PRIOn knowledge base

www.prio-n.com

8.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

41.6%

JSON

D-Link DAP-1860 devices before v1.04b03 Beta allow access to administrator functions without authentication via the HNAP_AUTH header timestamp value. In HTTP requests, part of the HNAP_AUTH header is the timestamp used to determine the time when the user sent the request. If this value is equal to the value stored in the device’s /var/hnap/timestamp file, the request will pass the HNAP_AUTH check function.

CPENameOperatorVersion
dap-1860_firmwareeq1.1.0-b6
dap-1860_firmwareeq1.2.0-b1
dap-1860_firmwareeq1.4.0-b1

Name	Operator	Version
dap-1860_firmware	eq	1.1.0-b6
dap-1860_firmware	eq	1.2.0-b1
dap-1860_firmware	eq	1.4.0-b1

References

chung96vn.wordpress.com/2019/11/15/d-link-dap-1860-vulnerabilities/

supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10135