PT-2020-14694 · D Link · D-Link Dap-1522

Published: 2020-07-22 · Updated: 2020-07-27 · CVE-2020-15896

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions

D-Link DAP-1522 devices versions 1.4x through 1.10b04Beta01

Description

An authentication-bypass issue allows unauthorized users to access certain pages directly. It stems from how the device checks the NO_NEED_AUTH value: if NO_NEED_AUTH is set to 1, users can access webpages without authentication. By appending ?NO_NEED_AUTH=1 to protected URLs, such as "logout.php" and "login.php", unauthorized users can bypass authentication.

Recommendations

For D-Link DAP-1522 devices versions 1.4x through 1.10b04Beta01, update to version 1.10b04Beta02 or later to resolve the issue. As a temporary workaround, consider restricting access to the logout.php and login.php pages, and avoid using the NO_NEED_AUTH parameter in protected URLs until the issue is resolved.
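Until the firmware is updated, requests that carry the parameter can be flagged in the access log of a proxy or gateway placed in front of the device. The following is an added detection example, not part of the original advisory or of D-Link's code. It assumes Combined Log Format lines and the parameter spelling NO_NEED_AUTH used in the CVE-2020-15896 description; the log lines, addresses and the /admin.php path are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Request field of a Combined Log Format line: "METHOD target HTTP/x.y" status
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

def _normalise(key):
    """Undo nested percent-encoding, then fold case and separators."""
    for _ in range(3):
        decoded = unquote(key)
        if decoded == key:
            break
        key = decoded
    return re.sub(r"[^A-Z0-9]+", "_", key.upper()).strip("_")

def bypass_attempt(target):
    """Return the (key, value) pair if the query string names NO_NEED_AUTH, else None."""
    for key, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        if _normalise(key) == "NO_NEED_AUTH":
            return key, value
    return None

def scan(lines):
    """Return one record per log line whose request carries the parameter."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m or not bypass_attempt(m.group("target")):
            continue
        status = int(m.group("status"))
        hits.append({
            "src": line.split(" ", 1)[0],
            "target": m.group("target"),
            "status": status,
            "served": 200 <= status < 300,  # 2xx: the page was returned to the client
        })
    return hits

# Constructed sample log (documentation address ranges, hypothetical /admin.php page)
SAMPLE_LOG = [
    '192.0.2.10 - - [22/Jul/2020:10:00:01 +0000] "GET /login.php HTTP/1.1" 200 512',
    '198.51.100.7 - - [22/Jul/2020:10:00:05 +0000] "GET /admin.php?NO_NEED_AUTH=1 HTTP/1.1" 200 2048',
    '198.51.100.7 - - [22/Jul/2020:10:00:09 +0000] "GET /admin.php?x=1&no%5Fneed%5Fauth=1 HTTP/1.1" 403 0',
    '192.0.2.10 - - [22/Jul/2020:10:00:12 +0000] "GET /help.php?topic=NO_NEED_AUTH HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A hit with "served" set to True means the request was answered with a 2xx status and the response should be reviewed; the same key match can back a deny rule on the proxy.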

Fix

Improper Authentication


Weakness Enumeration

Related Identifiers

CVE-2020-15896

Affected Products

D-Link Dap-1522