CVE-2020-8864

Name of the Vulnerable Software and Affected Versions D-Link DIR-867 versions 1.10B04 D-Link DIR-878 versions 1.10B04 D-Link DIR-882 versions 1.10B04

Description The issue is related to errors in handling empty passwords in the HNAP strncmp component of the D-Link DIR-867, DIR-878, and DIR-882 routers' firmware. This allows a remote attacker to change the administrator password. The specific flaw exists within the handling of HNAP login requests, resulting from the lack of proper handling of empty passwords. An attacker can leverage this vulnerability to execute arbitrary code on the router.

Recommendations For D-Link DIR-867 version 1.10B04, update the firmware to a version that fixes the HNAP login request handling issue. For D-Link DIR-878 version 1.10B04, update the firmware to a version that fixes the HNAP login request handling issue. For D-Link DIR-882 version 1.10B04, update the firmware to a version that fixes the HNAP login request handling issue. As a temporary workaround, consider restricting access to the HNAP login requests until a patch is available.