CVE-2020-15894
Summary
| CVE | CVE-2020-15894 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-07-22 19:15:00 UTC |
| Updated | 2023-11-08 22:49:00 UTC |
| Description | An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. There exists an exposed administration function in getcfg.php, which can be used to call various services. It can be utilized by an attacker to retrieve various sensitive information, such as admin login credentials, by setting the value of _POST_SERVICES in the query string to DEVICE.ACCOUNT. |
Risk And Classification
Problem Types: CWE-306
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | D-link | Dir-816l | b1 | All | All | All |
| Operating System | D-link | Dir-816l Firmware | 2.06 | All | All | All |
| Operating System | D-link | Dir-816l Firmware | 2.06.b09 | beta | All | All |
| Hardware | Dlink | Dir-816l | b1 | All | All | All |
| Operating System | Dlink | Dir-816l Firmware | 2.06 | All | All | All |
| Operating System | Dlink | Dir-816l Firmware | 2.06.b09 | beta | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| D-Link Technical Support | MISC | supportannouncement.us.dlink.com | Patch, Vendor Advisory |
| Multiple Vulnerabilities discovered in the D-link Firmware DIR-816L - Loginsoft Research | MISC | research.loginsoft.com | Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.