← Back

CVE-2020-8864

nvd nist
Published: Mar 23, 2020Modified: Nov 21, 2024

JSON object

Loading...
8.8
Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-867, DIR-878, and DIR-882 routers with firmware 1.10B04. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP login requests. The issue results from the lack of proper handling of empty passwords. An attacker can leverage this vulnerability to execute arbitrary code on the router. Was ZDI-CAN-9471.

Affected (3)

Dlink
3 products
Dir 878 Firmware
Dir 882 Firmware
Dir 867 Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Dir 878 Firmware
Up to 1.20b03
Running on/withPlatform Versions
Dlink
Dir 878
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Dir 882 Firmware
Up to 1.10b04
Running on/withPlatform Versions
Dlink
Dir 882
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Dir 867 Firmware
Up to 1.10b04
Running on/withPlatform Versions
Dlink
Dir 867
All versions

Related CWEs

CWE-697
Incorrect Comparison
The product compares two entities in a security-relevant context, but the comparison is incorrect, which may lead to resultant weaknesses.

References (4)

Source: zdi-disclosures@trendmicro.com
Vendor Advisory
Source: zdi-disclosures@trendmicro.com
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry

Timeline

No history available yet.