How severe is CVE-2019-18666?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2019-18666?

This is classified as CWE-306, which is a common weakness in software security.

CVE-2019-18666 - CRITICAL Severity | CVSS 9.8

Vulnerability Description

An issue was discovered on D-Link DAP-1360 revision F devices. Remote attackers can start a telnet service without authorization via an undocumented HTTP request. Although this is the primary vulnerability, the impact depends on the firmware version. Versions 609EU through 613EUbeta were tested. Versions through 6.12b01 have weak root credentials, allowing an attacker to gain remote root access. After 6.12b01, the root credentials were changed but the telnet service can still be started without authorization.

Related Vulnerabilities

CVE-2006-0061

CRITICAL

CVSS:9.8(Critical)

xlockmore 5.13 and 5.22 segfaults when using libpam-opensc and returns the underlying xsession. This allows unauthorized users access to the X session.

CWE-3062006

CVE-2006-0062

CRITICAL

CVSS:9.8(Critical)

xlockmore 5.13 allows potential xlock bypass when FVWM switches to the same virtual desktop as a new Gaim window.

CWE-3062006

CVE-2014-3449

CRITICAL

CVSS:9.8(Critical)

BSS Continuity CMS 4.2.22640.0 has an Authentication Bypass vulnerability

CWE-3062014

CVE-2015-2888

CRITICAL

CVSS:9.8(Critical)

Summer Baby Zoom Wifi Monitor & Internet Viewing System allows remote attackers to bypass authentication, related to the MySnapCam web service.

CWE-3062015

CVE-2016-2004

CRITICAL

CVSS:9.8(Critical)

HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allow remote attackers to execute arbitrary code via unspecified vectors related to lack of authentication. NOTE: this vulnerab...

CWE-3062016

CVE-2016-5053

CRITICAL

CVSS:9.8(Critical)

OSRAM SYLVANIA Osram Lightify Home before 2016-07-26 allows remote attackers to execute arbitrary commands via TCP port 4000.

CWE-3062016