CVE-2020-8863

Name of the Vulnerable Software and Affected Versions D-Link DIR-867 versions 1.10B04 D-Link DIR-878 versions 1.10B04 D-Link DIR-882 versions 1.10B04

Description The issue is related to errors in the implementation of the authentication algorithm in the HNAP Private Login component of the D-Link DIR-867, DIR-878, and DIR-882 routers. This allows a remote attacker to bypass authentication and potentially escalate privileges, executing code in the context of the router. The specific flaw exists within the handling of HNAP login requests, resulting from the lack of proper implementation of the authentication algorithm.

Recommendations For D-Link DIR-867 version 1.10B04, update the firmware to a version that fixes the authentication algorithm implementation issue. For D-Link DIR-878 version 1.10B04, update the firmware to a version that fixes the authentication algorithm implementation issue. For D-Link DIR-882 version 1.10B04, update the firmware to a version that fixes the authentication algorithm implementation issue. As a temporary workaround, consider restricting access to the HNAP login requests to minimize the risk of exploitation.