U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. VulnerabilitiesSearch And Statistics

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:h:dlink:6600-ap:-:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 7 matching records.
Displaying matches 1 through 7.
Vuln ID Summary CVSS Severity
CVE-2019-14335

An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. There is post-authenticated denial of service leading to the reboot of the AP via the admin.cgi?action=%s URI.

Published: August 08, 2019; 10:15:11 AM -0400 		V3.1: 5.5 MEDIUM
 V2.0: 4.9 MEDIUM
CVE-2019-14338

An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. There is a post-authentication admin.cgi?action= XSS vulnerability on the management interface.

Published: August 01, 2019; 9:15:14 AM -0400 		V3.1: 6.1 MEDIUM
 V2.0: 4.3 MEDIUM
CVE-2019-14337

An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. There is an ability to escape to a shell in the restricted command line interface, as demonstrated by the `/bin/sh -c wget` sequence.

Published: August 01, 2019; 9:15:14 AM -0400 		V3.1: 5.5 MEDIUM
 V2.0: 2.1 LOW
CVE-2019-14336

An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. There is post-authenticated dump of all of the config files through a certain admin.cgi?action= insecure HTTP request.

Published: August 01, 2019; 9:15:14 AM -0400 		V3.1: 5.5 MEDIUM
 V2.0: 2.1 LOW
CVE-2019-14334

An issue was discovered on D-Link 6600-AP, DWL-3600AP, and DWL-8610AP Ax 4.2.0.14 21/03/2019 devices. There is post-authenticated Certificate and RSA Private Key extraction through an insecure sslcert-get.cgi HTTP command.

Published: August 01, 2019; 9:15:14 AM -0400 		V3.1: 5.5 MEDIUM
 V2.0: 2.1 LOW
CVE-2019-14333

An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. There is a pre-authenticated denial of service attack against the access point via a long action parameter to admin.cgi.

Published: August 01, 2019; 9:15:14 AM -0400 		V3.1: 5.5 MEDIUM
 V2.0: 4.9 MEDIUM
CVE-2019-14332

An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. There is use of weak ciphers for SSH such as diffie-hellman-group1-sha1.

Published: August 01, 2019; 9:15:13 AM -0400 		V3.1: 7.8 HIGH
 V2.0: 4.6 MEDIUM