Stack-Based Buffer Overflow in D-Link DAP-1520 Devices
CVE-2020-15892

9.8CRITICAL

Key Information:

Vendor: D-Link
Status: Dap-1520 Firmware
Vendor: CVE Published:; 22 July 2020

What is CVE-2020-15892?

The D-Link DAP-1520 devices are vulnerable to a stack-based buffer overflow due to improper validation of user input on the web interface login page. Specifically, the vulnerability arises when the system allows a login request with a tampered password input exceeding the intended length. The client-side validation can be bypassed by an attacker, enabling them to manipulate the parameters of the login request. This could lead to remote code execution or unauthorized access if successful. Other parameters, such as html_response_page and log_user, are also susceptible to similar exploitation. Ensuring device firmware is updated can mitigate potential risks.

References

https://research.loginsoft.com/bugs/classic-stack-based-b...

x_refsource_MISC

https://supportannouncement.us.dlink.com/announcement/pub...

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 22, 2020
Vulnerability Reserved
Jul 22, 2020