CVE-2020-15894
 
Descriptions
An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. There exists an exposed administration function in getcfg.php, which can be used to call various services. It can be utilized by an attacker to retrieve various sensitive information, such as admin login credentials, by setting the value of _POST_SERVICES in the query string to DEVICE.ACCOUNT.
Timeline
- 2020-07-22 CVE Reserved
- 2020-07-22 CVE Published
- 2023-11-09 EPSS Updated
- 2024-08-04 CVE Updated
CWE
- CWE-306: Missing Authentication for Critical Function
References (2)
URL | Tag | Source |
---|---|---|
https://research.loginsoft.com/bugs/multiple-vulnerabilities-discovered-in-the-d-link-firmware-dir-816l | Third Party Advisory |
URL | Date | SRC |
---|---|---|
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10169 | 2023-11-08 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | | Vendor | Product | Version | Other | Status |
---|---|---|---|---|---|---|---|---|---|---|
Dlink | Dir-816l Firmware | 2.06 | - | Affected | in | Dlink | Dir-816l | b1 | - | Safe |
Dlink | Dir-816l Firmware | 2.06.b09 | beta | Affected | in | Dlink | Dir-816l | b1 | - | Safe |