CVE-2020-29321Insufficiently Protected Credentials in Dlink Dir-868l Firmware

CWE-522Insufficiently Protected CredentialsCWE-798Hard-coded Credentials3 documents3 sources
Severity
7.5HIGHNVD
EPSS
0.8%
top 25.40%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Dlink Dir-868l Firmware
Timeline
PublishedJun 4
Latest updateMay 24

Description

The D-Link router DIR-868L 3.01 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and to extract sensitive data.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-j5pc-jw5h-phhh: The D-Link router DIR-868L 32022-05-24
CVEList
CVE-2020-29321: The D-Link router DIR-868L 32021-06-04
CVE-2020-29321 — Insufficiently Protected Credentials | cvebase