Information Disclosure Vulnerability in D-Link Wi-Fi Access Point
CVE-2021-27250

6.5MEDIUM

Key Information:

Vendor: D-link
Status: Dap-2020
Vendor: CVE Published:; 14 April 2021

Summary

The D-Link DAP-2020 v1.01rc001 Wi-Fi access point is susceptible to an information disclosure vulnerability. This flaw arises from improper validation of the user-supplied path when processing CGI scripts, particularly in the errorpage request parameter. An attacker on the same network can exploit this vulnerability without requiring authentication, potentially exposing sensitive information including stored credentials.

Affected Version(s)

DAP-2020 v1.01rc001

References

https://supportannouncement.us.dlink.com/announcement/pub...

x_refsource_MISC

https://www.zerodayinitiative.com/advisories/ZDI-21-205/

x_refsource_MISC

EPSS Score

71% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 14, 2021
Vulnerability Reserved
Feb 16, 2021

Credit

SUID