PT-2020-14555 · D Link · D-Link Dir-842

Chung96Vn

Published

2020-07-20

Updated

2020-07-28

CVE-2020-15632

CVSS v3.1

8.8

High

Vector

AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions D-Link DIR-842 version 3.13B05

Description This issue allows network-adjacent attackers to bypass authentication on affected installations. The specific flaw exists within the processing of HNAP GetCAPTCHAsetting requests, resulting from the lack of proper handling of sessions. An attacker can leverage this to execute arbitrary code in the context of the device.

Recommendations For D-Link DIR-842 version 3.13B05, as a temporary workaround, consider disabling the handling of HNAP GetCAPTCHAsetting requests until a patch is available. Restrict access to the device to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-303

Related Identifiers

CVE-2020-15632

ZDI-20-880

Affected Products

D-Link Dir-842

PT-2020-14555 · D Link · D-Link Dir-842

CVE-2020-15632

Weakness Enumeration

Related Identifiers

Affected Products

References · 4