CVE-2019-17505

D-Link DAP-1320 A2-V1.21 routers have some web interfaces without authentication requirements, as demonstrated by uplink_info.xml. An attacker can remotely obtain a user's Wi-Fi SSID and password, which could be used to connect to Wi-Fi or perform a dictionary attack.

Published : 2019-10-11 20:15 Updated : 2019-10-16 13:19

5.0
CVSS Score More info
Score 5.0 / 10
5.0
Vendor Product Version URI
Dlink Dap-1320 A2 Firmware 1.21 cpe:/o:dlink:dap-1320_a2_firmware:1.21
  1. Dlink (1) Search CVE
    1. Dap-1320 A2 Firmware (1) Search CVE
      1. 1.21

CWE

ID Name Description Links
CWE-287 Improper Authentication When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct. CVE

History of changes

Date Event
2019-10-16 13:19
2019-10-11 20:25

New CVE