External Control of File Name or Path in DAP-2020

#VU56990 External Control of File Name or Path in DAP-2020

Published: 2021-10-01

Vulnerability identifier: #VU56990

Vulnerability risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-27250

CWE-ID: CWE-73

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
DAP-2020
Hardware solutions / Routers & switches, VoIP, GSM, etc

Vendor: D-Link

Description

The vulnerability allows a remote attacker to gain access to sensitive information on the system.

The vulnerability exists due to application does not properly validate a user-supplied path within the processing of CGI scripts. A remote attacker on the local network can disclose stored credentials.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

DAP-2020: 1.01

External links
http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10201
http://www.zerodayinitiative.com/advisories/ZDI-21-205/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in D-Link DAP-2020