CVE-2019-14336

Medium

5.5/10

Summary

An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. There is post-authenticated dump of all of the config files through a certain admin.cgi?action= insecure HTTP request.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: NONE

References

Advisory Timeline

Published Aug 01, 2019

CVE-2019-14336

Summary

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS