CVE-2020-15633Authentication Bypass Using an Alternate Path or Channel in D-link Dir-867 Firmware

CWE-288Authentication Bypass Using an Alternate Path or Channel3 documents3 sources
Severity
8.8HIGHNVD
EPSS
0.7%
top 27.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
D-link Dir-867 FirmwareD-link Dir-878 FirmwareD-link Multiple Routers
Timeline
PublishedJul 23
Latest updateMay 24

Description

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-867, DIR-878, and DIR-882 routers with firmware 1.20B10_BETA. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP requests. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the ro

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

CVEListV5d-link/multiple_routers1.20B10_BETA

🔴Vulnerability Details

2
GHSA
GHSA-mm3r-85wp-99j8: This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-867, DIR-878, and DIR-882 router2022-05-24
CVEList
CVE-2020-15633: This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-867, DIR-878, and DIR-882 router2020-07-23
CVE-2020-15633 — D-link Dir-867 Firmware vulnerability | cvebase