CVE-2020-29557

Published: Jan 29, 2021Modified: Jun 17, 2026CISA KEV

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

An issue was discovered on D-Link DIR-825 R1 devices through 3.0.1 before 2020-11-20. A buffer overflow in the web interface allows attackers to achieve pre-authentication remote code execution.

Affected (1)

Products: Dlink: Dir 825 R1 Firmware

1 product

Dir 825 R1 Firmware

Configuration A

1 vulnerable · 6 platform

Vulnerable Software	Affected Versions
Dlink Dir 825 R1 Firmware	Up to 3.0.1

Running on/with	Platform Versions
Dlink Dir 825	Version r1
Dlink Dir 825/a	Version d1a
Dlink Dir 825/ac	Version e1a
Dlink Dir 825/ac	Version e
Dlink Dir 825/acf	Version f1
Dlink Dir 825/gf	Version gf

Related CWEs

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (5)

https://shaqed.github.io/dlink/

Source: cve@mitre.org

Broken LinkExploitThird Party Advisory

https://www.dlink.ru/ru/download2/5/19/2354/441/

Source: cve@mitre.org

Product

https://shaqed.github.io/dlink/

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkExploitThird Party Advisory

https://www.dlink.ru/ru/download2/5/19/2354/441/

Source: af854a3a-2127-422b-91ae-364da2661108

Product

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-29557

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

US Government Resource

Timeline

No history available yet.