CVE-2020-27863

D-Link Multiple Routers dhttpd Authentication Bypass Vulnerability

Severity Score

6.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DVA-2800 and DSL-2888A routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dhttpd service, which listens on TCP port 8008 by default. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-10912.

Esta vulnerabilidad permite a los atacantes adyacentes a la red revelar información sensible en las instalaciones afectadas de los routers D-Link DVA-2800 y DSL-2888A. No se requiere autenticación para explotar esta vulnerabilidad. El fallo específico existe en el servicio dhttpd, que escucha en el puerto TCP 8008 por defecto. El problema se debe a una lógica incorrecta de coincidencia de cadenas al acceder a páginas protegidas. Un atacante puede aprovechar esta situación para revelar las credenciales almacenadas, lo que llevaría a un mayor compromiso. Era ZDI-CAN-10912

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DVA-2800 and DSL-2888A routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the dhttpd service, which listens on TCP port 8008 by default. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise.

*Credits: chung96vn ft phieulang

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Attack Vector

Adjacent

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2020-10-27 CVE Reserved
2020-12-15 CVE Published
2023-07-27 EPSS Updated
2024-08-04 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-287: Improper Authentication
CWE-288: Authentication Bypass Using an Alternate Path or Channel

CAPEC

References (2)

URL	Tag	Source
https://www.zerodayinitiative.com/advisories/ZDI-20-1427	Third Party Advisory

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10196	2021-04-23

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Dlink Search vendor "Dlink"	Dva-2800 Firmware Search vendor "Dlink" for product "Dva-2800 Firmware"	2.30_au Search vendor "Dlink" for product "Dva-2800 Firmware" and version "2.30_au"	-	Affected	in	Dlink Search vendor "Dlink"	Dva-2800 Search vendor "Dlink" for product "Dva-2800"	revision_t Search vendor "Dlink" for product "Dva-2800" and version "revision_t"	-	Safe
Dlink Search vendor "Dlink"	Dsl-2888a Firmware Search vendor "Dlink" for product "Dsl-2888a Firmware"	2.30_au Search vendor "Dlink" for product "Dsl-2888a Firmware" and version "2.30_au"	-	Affected	in	Dlink Search vendor "Dlink"	Dsl-2888a Search vendor "Dlink" for product "Dsl-2888a"	revision_t Search vendor "Dlink" for product "Dsl-2888a" and version "revision_t"	-	Safe