Dir 842 Firmware
CVE-2020-15632
HIGH
Severity by source
AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-842 3.13B05 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of HNAP GetCAPTCHAsetting requests. The issue results from the lack of proper handling of sessions. An attacker can leverage this vulnerability to execute arbitrary code in the context of the device. Was ZDI-CAN-10083.
AnalysisAI
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-842 3.13B05 routers. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.
Technical ContextAI
This vulnerability is classified under CWE-303. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-842 3.13B05 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of HNAP GetCAPTCHAsetting requests. The issue results from the lack of proper handling of sessions. An attacker can leverage this vulnerability to execute arbitrary code in the context of the device. Was ZDI-CAN-10083. Affected products include: Dlink Dir-842 Firmware.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Dir 842 Firmware
View allA stack-based buffer overflow was found on the D-Link DIR-842 REVC with firmware v3.13B09 HOTFIX due to the use of strcp
D-Link DIR-842 fw_revA_1-02_eu_multi_20151008 was discovered to contain multiple buffer overflows in the fgets function
A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DI
Share
External POC / Exploit Code
Leaving vuln.today