VYPR

DAP-1860

by Dlink

CVEs (6)

  • CVE-2020-27865Feb 11, 2021
    risk 0.02cvss epss 0.03

    This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1860 firmware version 1.04B03 WiFi extenders. Authentication is not required to exploit this vulnerability. The specific flaw exists within the uhttpd service,…

  • CVE-2020-27864Feb 11, 2021
    risk 0.01cvss epss 0.10

    This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1860 firmware version 1.04B03 WiFi extenders. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HNAP service,…

  • CVE-2019-19597Dec 5, 2019
    risk 0.01cvss epss 0.19

    D-Link DAP-1860 devices before v1.04b03 Beta allow arbitrary remote code execution as root without authentication via shell metacharacters within an HNAP_AUTH HTTP header.

  • CVE-2023-45208Oct 10, 2023
    risk 0.00cvss epss 0.01

    A command injection in the parsing_xml_stasurvey function inside libcgifunc.so of the D-Link DAP-X1860 repeater 1.00 through 1.01b05-01 allows attackers (within range of the repeater) to run shell commands as root during the setup process of the repeater, via a crafted SSID.…

  • CVE-2020-15631Jul 23, 2020
    risk 0.00cvss epss 0.03

    This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1860 1.04B03_HOTFIX WiFi extenders. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.…

  • CVE-2019-19598Dec 5, 2019
    risk 0.00cvss epss 0.03

    D-Link DAP-1860 devices before v1.04b03 Beta allow access to administrator functions without authentication via the HNAP_AUTH header timestamp value. In HTTP requests, part of the HNAP_AUTH header is the timestamp used to determine the time when the user sent the request. If…