Описание
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-867, DIR-878, and DIR-882 routers with firmware 1.20B10_BETA. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP requests. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the router. Was ZDI-CAN-10835.
Ссылки
- Vendor Advisory
- Third Party AdvisoryVDB Entry
- Vendor Advisory
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Одновременно
Одновременно
Одновременно
EPSS
8.8 High
CVSS3
8.8 High
CVSS3
5.8 Medium
CVSS2
Дефекты
Связанные уязвимости
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-867, DIR-878, and DIR-882 routers with firmware 1.20B10_BETA. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP requests. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the router. Was ZDI-CAN-10835.
Уязвимость реализации протокола HNAP (Home Network Administration Protocol) микропрограммного обеспечения Wi-Fi роутеров D-Link DIR-867-US, DIR-878, DIR-882-US, позволяющая нарушителю обойти ограничения безопасности, повысить свои привилегии или выполнить произвольный код
EPSS
8.8 High
CVSS3
8.8 High
CVSS3
5.8 Medium
CVSS2