CVE-2020-29321

Published: Jun 4, 2021Modified: Jun 17, 2026

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

The D-Link router DIR-868L 3.01 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and to extract sensitive data.

Affected (1)

Products: Dlink: Dir 868l Firmware

Dlink

1 product

Dir 868l Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Dir 868l Firmware	Version 3.01

Running on/with	Platform Versions
Dlink Dir 868l	All versions

Related CWEs

CWE-522

Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

CWE-798

Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

References (2)

https://cybersecurityworks.com/zerodays/cve-2020-29321-telnet-hardcoded-credentials.html

Source: disclose@cybersecurityworks.com

ExploitThird Party Advisory

https://cybersecurityworks.com/zerodays/cve-2020-29321-telnet-hardcoded-credentials.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.