PT-2021-4491 · D Link · D-Link Dir-868L

Published

2021-06-04

Updated

2022-07-12

CVE-2020-29321

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions D-Link DIR-868L version 3.01

Description The issue concerns a credentials disclosure in the telnet service of the D-Link router DIR-868L. This is due to insufficient protection of registration data, which can be exploited through decompilation of the firmware. An unauthenticated attacker can gain access to the firmware and extract sensitive data.

Recommendations For D-Link DIR-868L version 3.01, consider disabling the telnet service until a patch is available to prevent exploitation. Restrict access to the firmware to minimize the risk of sensitive data extraction. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Insufficiently Protected Credentials

Using Hardcoded Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-522CWE-798

Related Identifiers

BDU:2021-05125

CVE-2020-29321

Affected Products

D-Link Dir-868L

PT-2021-4491 · D Link · D-Link Dir-868L

CVE-2020-29321

Weakness Enumeration

Related Identifiers

Affected Products

References · 5