PT-2020-15749 · D-Link · D-Link DSL-2888A
Harold Zang · Published 2020-12-22 · Updated 2023-04-26 · CVE-2020-24578
CVSS v3.1: 6.5 (Medium)
Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
D-Link DSL-2888A devices with firmware prior to AU 2.31 V1.1.47ae55
Description
An issue was discovered that allows a malicious network user to access system folders and download sensitive files, such as the password hash file, due to a misconfigured FTP service.
Recommendations
For D-Link DSL-2888A devices with firmware prior to AU 2.31 V1.1.47ae55, update the firmware to version AU 2.31 V1.1.47ae55 or later to resolve the issue. As a temporary workaround, consider disabling the FTP service until a patch is available. Restrict access to system folders to minimize the risk of exploitation.
Exploit
Fix
Incorrect Permission
Uncontrolled Search Path Element
Affected Products
D-Link DSL-2888A