CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-8862

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-2610 Firmware v2.01RC067 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of passwords. The issue results from the lack of proper password checking. An attacker can leverage this vulnerability to execute arbitrary code in the context of root. Was ZDI-CAN-10082.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.047

EPSS Ranking 89.0%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 8.3

References

Products affected by CVE-2020-8862

Dlink » Dap-2610 » Version: N/A

cpe:2.3:h:dlink:dap-2610:-
Dlink » Dap-2610 Firmware » Version: N/A

cpe:2.3:o:dlink:dap-2610_firmware:-
Dlink » Dap-2610 Firmware » Version: 1.01rc017

cpe:2.3:o:dlink:dap-2610_firmware:1.01rc017
Dlink » Dap-2610 Firmware » Version: 1.02rc048

cpe:2.3:o:dlink:dap-2610_firmware:1.02rc048
Dlink » Dap-2610 Firmware » Version: 2.01_k2he

cpe:2.3:o:dlink:dap-2610_firmware:2.01_k2he
Dlink » Dap-2610 Firmware » Version: 2.01rc067

cpe:2.3:o:dlink:dap-2610_firmware:2.01rc067

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-8862

Products

Pricing

Contact Us