CVE-2020-24578

Published: Dec 22, 2020Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. It has a misconfigured FTP service that allows a malicious network user to access system folders and download sensitive files (such as the password hash file).

Affected (1)

Products: Dlink: Dsl2888a Firmware

1 product

Dsl2888a Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Dsl2888a Firmware	Before au_2.31_v1.1.47ae55

Running on/with	Platform Versions
Dlink Dsl2888a	All versions

Related CWEs

Uncontrolled Search Path Element

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References (4)

https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/d-link-multiple-security-vulnerabilities-leading-to-rce/

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.trustwave.com/en-us/resources/security-resources/security-advisories/

Source: cve@mitre.org

Third Party Advisory

https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/d-link-multiple-security-vulnerabilities-leading-to-rce/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://www.trustwave.com/en-us/resources/security-resources/security-advisories/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.