Authentication Bypass in D-Link DIR-842 Router
CVE-2020-15632

8.8HIGH

Key Information:

Vendor: D-link
Status: Dir-842
Vendor: CVE Published:; 23 July 2020

Summary

This vulnerability allows network-adjacent attackers to bypass authentication on D-Link DIR-842 routers. The specific flaw lies in the handling of HNAP GetCAPTCHAsetting requests, which results in improper session management. Consequently, attackers can execute arbitrary code on the device, enhancing their control and potential impact on network security.

Affected Version(s)

DIR-842 3.13B05

References

https://www.zerodayinitiative.com/advisories/ZDI-20-880/

x_refsource_MISC

https://supportannouncement.us.dlink.com/announcement/pub...

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 23, 2020
Vulnerability Reserved
Jul 7, 2020

Credit

chung96vn - Security Researcher of VinCSS (Member of Vingroup)