Stack-Based Buffer Overflow in D-Link DAP-1520 Devices
CVE-2020-15892
What is CVE-2020-15892?
D-Link DAP-1520 devices are vulnerable to a stack-based buffer overflow caused by improper validation of user input on the web interface login page. The length limit on the password input is enforced only on the client side, so an attacker can bypass it and tamper with the login request so that the password value exceeds the intended length. If successful, this could lead to remote code execution or unauthorized access. Other parameters of the login request, such as html_response_page and log_user, are susceptible to similar exploitation. Keeping device firmware updated can mitigate the risk.
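The server-side length check that closes this class of bug is sketched below. This is an added example, not D-Link's firmware code. The buffer sizes, the `password` field name, and the helper names `copy_field` and `parse_login` are assumptions. Only `log_user` and `html_response_page` come from the description above.

```c
#include <stdio.h>
#include <string.h>

/* Assumed buffer sizes; the firmware's real limits are not given on the page. */
enum { USER_MAX = 32, PASS_MAX = 16, PAGE_MAX = 64 };

struct login_req {
    char log_user[USER_MAX];
    char password[PASS_MAX];            /* hypothetical field name */
    char html_response_page[PAGE_MAX];
};

/* Unsafe pattern behind this bug class: rely on the browser-side length limit
 * and copy unbounded, e.g. strcpy(req->password, value). Hardened form: copy
 * only if the value and its terminator fit; reject, never truncate. */
static int copy_field(char *dst, size_t dst_size, const char *src)
{
    size_t n = 0;
    if (src == NULL)
        return -1;
    while (n < dst_size && src[n] != '\0')  /* never read past dst_size bytes */
        n++;
    if (n == dst_size)                      /* no terminator within the limit */
        return -1;
    memcpy(dst, src, n + 1);
    return 0;
}

/* Server-side check of every login parameter; one bad field rejects the request. */
int parse_login(struct login_req *req, const char *user,
                const char *pass, const char *page)
{
    memset(req, 0, sizeof(*req));
    if (copy_field(req->log_user, sizeof(req->log_user), user) ||
        copy_field(req->password, sizeof(req->password), pass) ||
        copy_field(req->html_response_page, sizeof(req->html_response_page), page)) {
        memset(req, 0, sizeof(*req));
        return -1;
    }
    return 0;
}

int main(void)
{
    struct login_req r;  /* constructed inputs: one normal, one over-length password */
    printf("%d\n", parse_login(&r, "admin", "secret", "login.asp"));
    printf("%d\n", parse_login(&r, "admin", "AAAAAAAAAAAAAAAAAAAAAAAA", "login.asp"));
    return 0;
}
```

Rejecting an over-length value outright, rather than truncating it, also gives the device a clean signal to log: a legitimate browser form never produces such a request.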
