Misconfigured FTP Service on D-Link DSL-2888A Devices
CVE-2020-24578

6.5MEDIUM

Key Information:

Vendor: D-Link
Status: Dsl2888a Firmware
Vendor: CVE Published:; 22 December 2020

Summary

A misconfigured FTP service on D-Link DSL-2888A devices allows unauthorized network users to access critical system folders. This security flaw enables attackers to download sensitive files, including password hashes, which can jeopardize device security and user privacy. To mitigate this risk, users should update their firmware to versions AU_2.31_V1.1.47ae55 or later.

References

https://www.trustwave.com/en-us/resources/blogs/spiderlab...

x_refsource_MISC

https://www.trustwave.com/en-us/resources/security-resour...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 22, 2020
Vulnerability Reserved
Aug 21, 2020