Authentication Bypass in D-Link DSL-2888A Devices
CVE-2020-24579

8.8HIGH

Key Information:

Vendor: D-Link
Status: Dsl2888a Firmware
Vendor: CVE Published:; 22 December 2020

Summary

A vulnerability exists in D-Link DSL-2888A devices that allows unauthenticated attackers to bypass authentication mechanisms. This flaw permits unauthorized access to sensitive authenticated pages and functionalities. The issue is present in all firmware versions prior to AU_2.31_V1.1.47ae55, exposing users to potential unauthorized control over device settings and configurations. Users are strongly advised to upgrade their firmware to mitigate this risk.

References

https://www.trustwave.com/en-us/resources/blogs/spiderlab...

x_refsource_MISC

https://www.trustwave.com/en-us/resources/security-resour...

x_refsource_CONFIRM

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 22, 2020
Vulnerability Reserved
Aug 21, 2020