SB2020121803 - Multiple vulnerabilities in D-Link DSL-2888A




Published: December 18, 2020

Security Bulletin ID: SB2020121803
Severity: High
Patch available: YES
Number of vulnerabilities: 5
Exploitation vector: Remote access
Highest impact: Data manipulation

Breakdown by Severity

High: 20%, Medium: 80%

Description

This security bulletin contains information about 5 security vulnerabilities.


1) Improper Authentication (CVE-ID: CVE-2020-24580)

The vulnerability allows a remote attacker to bypass the authentication process.

The vulnerability exists due to an error when processing authentication requests. A remote attacker can bypass the authentication process and gain unauthorized access to the application.


2) Information disclosure (CVE-ID: CVE-2020-24577)

The vulnerability allows a remote user to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application at the following URLs:

http://DeviceIP/tmp/home/wan_stat
http://DeviceIP/tmp/var/passwd

A remote authenticated user can obtain the internet connection credentials and the password hash of the admin account by inspecting the application's response body.


3) Configuration (CVE-ID: CVE-2020-24578)

The vulnerability allows a remote user to gain access to sensitive information.

The vulnerability exists due to a misconfigured FTP service. A remote authenticated user can access system folders and download sensitive files, such as the password hash file.


4) Hidden functionality (CVE-ID: CVE-2020-24581)

The vulnerability allows a remote user to escalate privileges on the device.

The vulnerability exists due to the presence of hidden functionality in the firmware. A remote authenticated user can execute arbitrary OS commands via the "cmd" parameter of the "/cgi-bin/execute_cmd.cgi" script.

Example:

http://DeviceIP/cgi-bin/execute_cmd.cgi?timestamp=1589333279490&cmd=ls



5) Session fixation (CVE-ID: CVE-2020-24579)

The vulnerability allows a remote attacker to gain unauthorized access to the device.

The vulnerability exists due to an incorrect session management mechanism, which relies solely on the user's IP address. A remote attacker with the ability to use the victim's IP address can gain unauthorized access to the victim's session after the victim successfully logs in to the device.


Remediation

Install the update from the vendor's website.
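
The following log check is an added example, not part of the original bulletin or of any vendor tooling: it flags requests to the URLs named in items 2 and 4 above. It assumes HTTP requests to the device are recorded in Common Log Format (for instance by a proxy or sensor in front of it); the function names and sample log lines are constructed for illustration.

```python
import posixpath
import re
from urllib.parse import parse_qs, unquote

# URLs named in the bulletin, mapped to the CVE each one belongs to.
WATCHED = {
    "/tmp/home/wan_stat": "CVE-2020-24577",
    "/tmp/var/passwd": "CVE-2020-24577",
    "/cgi-bin/execute_cmd.cgi": "CVE-2020-24581",
}

# Assumed input: Common Log Format, e.g. from a proxy in front of the device.
LINE_RE = re.compile(r'^(\S+) .*?"[A-Z]+ (\S+) HTTP/[\d.]+" (\d{3})')


def classify(line):
    """Return (client, cve, path, cmd, status) for a watched URL, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    client, target, status = m.groups()
    target = re.sub(r"^https?://[^/]+", "", target)  # absolute-form target
    raw_path, _, query = target.partition("?")
    # Decode percent-escapes and collapse "//" and "/./" so the logged path
    # is compared in one canonical form.
    path = "/" + posixpath.normpath(unquote(raw_path)).lstrip("/")
    cve = WATCHED.get(path)
    if cve is None:
        return None
    cmd = parse_qs(query).get("cmd", [None])[0]  # only set for execute_cmd.cgi
    return (client, cve, path, cmd, int(status))


def scan(lines):
    """Classify every line and keep only the hits."""
    return [hit for hit in map(classify, lines) if hit]


# Constructed sample log lines (documentation-range addresses).
SAMPLE_LOG = [
    '192.0.2.10 - - [18/Dec/2020:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '192.0.2.10 - - [18/Dec/2020:10:00:05 +0000] "GET /cgi-bin/execute_cmd.cgi?timestamp=1589333279490&cmd=ls HTTP/1.1" 200 88',
    '198.51.100.7 - - [18/Dec/2020:10:01:12 +0000] "GET /tmp/./var/%70asswd HTTP/1.1" 200 64',
    '198.51.100.7 - - [18/Dec/2020:10:01:15 +0000] "GET //tmp/home/wan_stat HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

The status code is kept in each hit so that requests the device actually answered (200) can be triaged ahead of ones it rejected.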