CVE-2020-29323

Published: Jun 4, 2021Modified: Jun 17, 2026

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

The D-link router DIR-885L-MFC 1.15b02, v1.21b05 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and to extract sensitive data.

Affected (2)

Products: Dlink: Dir 885l Mfc Firmware

Dlink

1 product

Dir 885l Mfc Firmware

Configuration A

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Dir 885l Mfc Firmware	Version 1.15b02
Dlink Dir 885l Mfc Firmware	Version 1.21b05

Running on/with	Platform Versions
Dlink Dir 885l Mfc	All versions

Related CWEs

CWE-522

Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

CWE-798

Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

References (2)

https://cybersecurityworks.com/zerodays/cve-2020-29323-telnet-hardcoded-credentials.html

Source: disclose@cybersecurityworks.com

ExploitThird Party Advisory

https://cybersecurityworks.com/zerodays/cve-2020-29323-telnet-hardcoded-credentials.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.