PT-2020-14691 · D Link · D-Link Dap-1520

Published: 2020-07-22 · Updated: 2023-11-08 · CVE-2020-15892

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

D-Link DAP-1520 versions prior to 1.10b04Beta02

Description

An issue was discovered in the apply.cgi of D-Link DAP-1520 devices. The problem arises when a user performs a login action from the web interface, and the request values are forwarded to the ssi binary. The login page restricts the password input field to a fixed length of 15 characters, but this validation is done on the client side and can be bypassed. An attacker can intercept the login request, which is POST-based, and tamper with the vulnerable parameter log_pass to a larger length. This results in a stack-based buffer overflow when the request is forwarded to the webserver. Other vulnerable POST variables include html_response_page and log_user.

Recommendations

For versions prior to 1.10b04Beta02, update to version 1.10b04Beta02 or later to resolve the issue. As a temporary workaround, consider restricting access to the apply.cgi page to minimize the risk of exploitation. Avoid using the log_pass, html_response_page, and log_user parameters in the affected POST request until the issue is resolved.
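
The root cause described above is a length limit that exists only in the browser. As an added example (not D-Link's code and not part of the advisory), a server-side check of the three login fields could look like the following; the struct, the function names, the sample request bodies and the limits for log_user and html_response_page are assumptions, and only the 15-character password limit comes from the description.

```c
#include <stdio.h>
#include <string.h>

#define PASS_MAX 15  /* limit the login page enforces client-side (from the advisory) */
#define USER_MAX 32  /* assumed limit, not from the advisory */
#define PAGE_MAX 64  /* assumed limit, not from the advisory */

struct login {       /* hypothetical holder for the validated fields */
    char user[USER_MAX + 1];
    char pass[PASS_MAX + 1];
    char page[PAGE_MAX + 1];
};

/* Copy the raw value of "name" from a form-encoded body into dst (max + 1 bytes).
 * Returns 0 on success, -1 if the field is missing or longer than max.
 * The length is checked on the still-encoded value; URL-decoding can only shrink it. */
static int get_field(const char *body, const char *name, char *dst, size_t max)
{
    size_t nlen = strlen(name);
    const char *p = body;
    while (p && *p) {
        const char *end = strchr(p, '&');
        size_t plen = end ? (size_t)(end - p) : strlen(p);
        if (plen > nlen && strncmp(p, name, nlen) == 0 && p[nlen] == '=') {
            size_t vlen = plen - nlen - 1;
            if (vlen > max)
                return -1;   /* reject outright: no truncation, no unbounded copy */
            memcpy(dst, p + nlen + 1, vlen);
            dst[vlen] = '\0';
            return 0;
        }
        p = end ? end + 1 : NULL;
    }
    return -1;
}

/* Returns 0 only if all three login fields are present and within bounds. */
int parse_login(const char *body, struct login *out)
{
    if (get_field(body, "log_user", out->user, USER_MAX) ||
        get_field(body, "log_pass", out->pass, PASS_MAX) ||
        get_field(body, "html_response_page", out->page, PAGE_MAX))
        return -1;
    return 0;
}

int main(void)
{
    struct login l;  /* both request bodies below are constructed samples */
    printf("%d\n", parse_login("log_user=admin&log_pass=secret&html_response_page=index.asp", &l));
    printf("%d\n", parse_login("log_user=admin&log_pass=AAAAAAAAAAAAAAAA&html_response_page=index.asp", &l));
    return 0;
}
```
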

Exploit

Fix

Weakness Enumeration: Memory Corruption

Related Identifiers: CVE-2020-15892

Affected Products: D-Link Dap-1520