#VU49092 Session fixation in DSL-2888A - CVE-2020-24579 

 


Published: December 18, 2020


Vulnerability identifier: #VU49092
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/U:Green
CVE-ID: CVE-2020-24579
CWE-ID: CWE-384
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: DSL-2888A
Software vendor: D-Link

Description

The vulnerability allows a remote attacker to gain unauthorized access to the device.

The vulnerability exists because the session management mechanism relies solely on the user's IP address. A remote attacker who is able to use the victim's IP address can gain unauthorized access to the victim's session after the victim successfully logs in to the device.
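
The flaw class described above, shown as an added example that is not D-Link firmware code: a session check keyed only on the source IP beside one that also requires a random per-login token. The class names, the login flow and the sample address are assumptions made for illustration.

```python
import secrets


class IpOnlySessions:
    """Flawed pattern: a successful login marks the source IP as authenticated."""

    def __init__(self):
        self._authed_ips = set()

    def login(self, src_ip, password_ok):
        if password_ok:
            self._authed_ips.add(src_ip)
        return password_ok

    def is_authenticated(self, src_ip, cookie=None):
        # Every request arriving from that address inherits the session.
        return src_ip in self._authed_ips


class TokenSessions:
    """Hardened pattern: the session is a fresh random token issued at login."""

    def __init__(self):
        self._tokens = {}  # token -> IP address the token was issued to

    def login(self, src_ip, password_ok):
        if not password_ok:
            return None
        token = secrets.token_urlsafe(32)  # unguessable, new on every login
        self._tokens[token] = src_ip
        return token

    def is_authenticated(self, src_ip, cookie=None):
        bound_ip = self._tokens.get(cookie) if cookie else None
        # The IP is only an additional check; the token is the credential.
        return bound_ip is not None and bound_ip == src_ip


def demo():
    shared_ip = "192.0.2.10"  # constructed address shared by two clients
    weak, strong = IpOnlySessions(), TokenSessions()
    weak.login(shared_ip, password_ok=True)
    token = strong.login(shared_ip, password_ok=True)
    return {
        "ip_only_second_client": weak.is_authenticated(shared_ip),
        "token_second_client": strong.is_authenticated(shared_ip, cookie=None),
        "token_owner": strong.is_authenticated(shared_ip, cookie=token),
    }
```
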


Remediation

Install updates from vendor's website.
