Pseudo-Random Number Generator Vulnerability in D-Link DIR-865L Router
CVE-2020-13784

7.5HIGH

Key Information:

Vendor: D-Link
Status: Dir-865l Firmware
Vendor: CVE Published:; 3 June 2020

What is CVE-2020-13784?

The D-Link DIR-865L Ax 1.20B01 Beta router is vulnerable due to a predictable seed in its Pseudo-Random Number Generator (PRNG). This makes it easier for attackers to predict the output of the generator, potentially compromising encryption and leading to unauthorized access. Users are encouraged to update their devices and implement security best practices to mitigate risks associated with this vulnerability. For more details on how to secure your network, refer to the provided resources.

References

https://supportannouncement.us.dlink.com/announcement/pub...

x_refsource_MISC

https://unit42.paloaltonetworks.com/6-new-d-link-vulnerab...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 3, 2020
Vulnerability Reserved
Jun 3, 2020