Obfuscated Hash Exposure in D-Link DSP-W215 Devices
CVE-2020-13136

7.5HIGH

Key Information:

Vendor: D-Link
Status: Dsp-w215 Firmware
Vendor: CVE Published:; 18 May 2020

Summary

D-Link DSP-W215 devices running firmware version 1.26b03 expose an obfuscated hash through network communications. This hash can be intercepted and understood by a network sniffer, potentially allowing unauthorized parties to gain insights into the device's operation or configuration. Such exposure poses a security risk, necessitating prompt attention and appropriate mitigative actions from users.

References

https://supportannouncement.us.dlink.com/announcement/pub...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 18, 2020
Vulnerability Reserved
May 18, 2020