PT-2019-4703 · D-Link · D-Link DAP-1330
Chung96Vn · Published 2019-12-26 · Updated 2020-02-28 · CVE-2020-8861
CVSS v3.1: 8.8 (High)
Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
D-Link DAP-1330 version 1.10B01 BETA
Description
The issue stems from an incorrect implementation of the HNAP authentication algorithm in the D-Link DAP-1330 Wi-Fi range extender, which allows network-adjacent attackers to bypass authentication. The specific flaw exists within the handling of HNAP login requests and results from the lack of proper handling of cookies. An attacker can leverage this vulnerability to execute arbitrary code on the router.
Recommendations
For D-Link DAP-1330 version 1.10B01 BETA, consider disabling the HNAP login functionality until a patch is available to prevent exploitation. Restrict access to the router to minimize the risk of arbitrary code execution. Avoid using the vulnerable HNAP protocol for authentication until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Improper Authentication
Affected Products
D-Link DAP-1330