Incorrect Comparison in DAP-2610 - CVE-2020-8862

 


Published: February 24, 2020


Vulnerability identifier: #VU25541
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-8862
CWE-ID: CWE-697
Exploitation vector: Adjacent network
Exploit availability: No public exploit available
Vendor: D-Link
Affected software:
DAP-2610

Detailed vulnerability description

The vulnerability allows a remote attacker to bypass the authentication process.

The vulnerability exists due to the lack of proper password checking. A remote attacker on the local network can affect the device, which could cause it to malfunction or disclose information.

An attacker can leverage this vulnerability to execute arbitrary code in the context of root.


How to mitigate CVE-2020-8862

Install updates from the vendor's website.
