CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-27865

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1860 firmware version 1.04B03 WiFi extenders. Authentication is not required to exploit this vulnerability. The specific flaw exists within the uhttpd service, which listens on TCP port 80 by default. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the device. Was ZDI-CAN-10894.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.235

EPSS Ranking 95.7%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 8.3

References

Products affected by CVE-2020-27865

Dlink » Dap-1860 » Version: ax

cpe:2.3:h:dlink:dap-1860:ax
Dlink » Dap-1860 Firmware » Version: 1.00

cpe:2.3:o:dlink:dap-1860_firmware:1.00
Dlink » Dap-1860 Firmware » Version: 1.01b05-01

cpe:2.3:o:dlink:dap-1860_firmware:1.01b05-01
Dlink » Dap-1860 Firmware » Version: 1.01b06

cpe:2.3:o:dlink:dap-1860_firmware:1.01b06
Dlink » Dap-1860 Firmware » Version: 1.01b94

cpe:2.3:o:dlink:dap-1860_firmware:1.01b94
Dlink » Dap-1860 Firmware » Version: 1.02b01

cpe:2.3:o:dlink:dap-1860_firmware:1.02b01
Dlink » Dap-1860 Firmware » Version: 1.04b01

cpe:2.3:o:dlink:dap-1860_firmware:1.04b01
Dlink » Dap-1860 Firmware » Version: 1.04b03

cpe:2.3:o:dlink:dap-1860_firmware:1.04b03

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-27865

Products

Pricing

Contact Us