CVE-2020-29324

Published: Jun 4, 2021Modified: Jun 17, 2026

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

The DLink Router DIR-895L MFC v1.21b05 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and to extract sensitive data.

Affected (1)

Products: Dlink: Dir 895l Mfc Firmware

Dlink

1 product

Dir 895l Mfc Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Dir 895l Mfc Firmware	Version 1.21b05

Running on/with	Platform Versions
Dlink Dir 895l Mfc	All versions

Related CWEs

CWE-312

Cleartext Storage of Sensitive Information

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

References (2)

https://cybersecurityworks.com/zerodays/cve-2020-29324-d-link-router-dir-895l-mfc-telnet-hardcoded-credentials.html

Source: disclose@cybersecurityworks.com

ExploitThird Party Advisory

https://cybersecurityworks.com/zerodays/cve-2020-29324-d-link-router-dir-895l-mfc-telnet-hardcoded-credentials.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.