Information Disclosure in D-Link DAP-2020 Routers
CVE-2021-34860
6.5 MEDIUM
Summary
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected D-Link DAP-2020 routers. The flaw is in the webproc endpoint, which does not adequately validate the user input supplied in the getpage parameter. Authentication is not required to exploit it. Attackers can use this weakness to gain access to critical information, posing significant risks to affected users.
Affected Version(s)
DAP-2020 1.01rc001
References
EPSS Score
13% chance of being exploited in the next 30 days.
CVSS V3.1
Score: 6.5
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
chung96vn of Vietnam National Cyber Security Center