Suid

#41248 of 53,624
6.5 Total CVSS
Vulnerabilities · 1
PT-2021-17354
6.5
2021-02-24
D Link · D-Link Dap-2020 · CVE-2021-27250
Name of the Vulnerable Software and Affected Versions: D-Link DAP-2020 version 1.01rc001

Description: This issue allows network-adjacent attackers to disclose sensitive information on affected installations. Authentication is not required to exploit this issue. The flaw exists within the processing of CGI scripts, specifically when parsing the `errorpage` request parameter. The process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this issue to disclose stored credentials, leading to further compromise.

Recommendations: For D-Link DAP-2020 version 1.01rc001, consider restricting access to CGI scripts until a patch is available. As a temporary workaround, avoid using the `errorpage` parameter in requests to minimize the risk of exploitation.