Information Disclosure in D-Link DSP-W215 Devices by D-Link
CVE-2020-13135

6.5MEDIUM

Key Information:

Vendor: D-Link
Status: Dsp-w215 Firmware
Vendor: CVE Published:; 18 May 2020

What is CVE-2020-13135?

D-Link DSP-W215 version 1.26b03 devices are susceptible to an information disclosure vulnerability that enables attackers to intercept messages on the local network. This issue can be exploited through various methods, such as deploying a Squid Proxy, allowing unauthorized access to sensitive information transmitted over the network.

References

https://supportannouncement.us.dlink.com/announcement/pub...

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 18, 2020
Vulnerability Reserved
May 18, 2020