On May 22, 2019, it was disclosed by a 3rd party to D-Link that the DWL-6600AP had multiple security vulnerabilities.

The DWL-6600AP is designed to be an indoor Access Point for business environments. With high data transmission speeds, load balancing features, it can be deployed as a standalone wireless Access Point or used as the foundation for a managed wireless network.

3rd Party Report Accreditation:

Discovered and researched by Sandstorm Security at  pwn _dot_ sandstorm _at_ gmail _dot_ com

Links: https://packetstormsecurity.com/files/153840/dlink6600ap-xssdosdisclose.txt

1. CVE-2019-14338 - Post-authenticated XSS
2. CVE-2019-14334 - Post-authenticated Certificate and RSA Private Key extraction through http command
3. CVE-2019-14333 - Pre-authenticated Denial of service leading to the reboot of the AP
4. CVE-2019-14337 - Escape shell in the restricted command line interface
5. CVE-2019-14335 - Post-authenticated Denial of service leading to the reboot of the AP
6. CVE-2019-14336 - Post-authenticated Dump all the config files (post-auth)
7. CVE-2019-14332 - Use of weak ciphers for SSH

Affected Products:

This disclosure directly affects the software package and current installations should be update with the new released available to download below. Failure to update may put this software package, the host computer it runs on, and D-Link devices that it manages at risk.

Solution/Patch/Fix: