Main Vulnerability Database Vulnerabilities #VU25541

#VU25541 Incorrect Comparison in DAP-2610 - CVE-2020-8862

Published: February 24, 2020

Vulnerability identifier: #VU25541

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2020-8862

CWE-ID: CWE-697

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vulnerable software:
DAP-2610

Software vendor:
D-Link

Description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to the lack of proper password checking. A remote attacker on the local network can affect the device that could cause the device to malfunction or disclose information.

An attacker can leverage this vulnerability to execute arbitrary code in the context of root.

Remediation

Install updates from vendor's website.

External links

https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10154
https://www.zerodayinitiative.com/advisories/ZDI-20-266/

#VU25541 Incorrect Comparison in DAP-2610 - CVE-2020-8862

Description

Remediation

External links

Please verify you're human