PT-2020-5594 · D-Link · DSL-2888A
Harold Zang · Published 2020-05-26 · Updated 2023-04-26
CVE-2020-24579
CVSS v3.1: 8.8 (High)
Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
D-Link DSL-2888A versions prior to AU 2.31 V1.1.47ae55
Description
An issue was discovered that allows an unauthenticated attacker to bypass authentication and access authenticated pages and functionality. This is related to weaknesses in the authentication procedure. The exploitation of this issue may allow a remote attacker to elevate their privileges.
Recommendations
For versions prior to AU 2.31 V1.1.47ae55, update the firmware to version AU 2.31 V1.1.47ae55 or later to resolve the issue. As a temporary workaround, consider restricting access to authenticated pages and functionality until a patch is available.
Exploit
Fix
Improper Authentication
Affected Products
DSL-2888A