CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-8863

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-867, DIR-878, and DIR-882 routers with firmware 1.10B04. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP login requests. The issue results from the lack of proper implementation of the authentication algorithm. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the router. Was ZDI-CAN-9470.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.016

EPSS Ranking 80.7%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 8.3

References

Products affected by CVE-2020-8863

Dlink » Dir-867 » Version: N/A

cpe:2.3:h:dlink:dir-867:-
Dlink » Dir-878 » Version: N/A

cpe:2.3:h:dlink:dir-878:-
Dlink » Dir-882 » Version: N/A

cpe:2.3:h:dlink:dir-882:-
Dlink » Dir-867 Firmware » Version: N/A

cpe:2.3:o:dlink:dir-867_firmware:-
Dlink » Dir-867 Firmware » Version: 1.00b07

cpe:2.3:o:dlink:dir-867_firmware:1.00b07
Dlink » Dir-867 Firmware » Version: 1.02b02

cpe:2.3:o:dlink:dir-867_firmware:1.02b02
Dlink » Dir-867 Firmware » Version: 1.10b04

cpe:2.3:o:dlink:dir-867_firmware:1.10b04
Dlink » Dir-878 Firmware » Version: N/A

cpe:2.3:o:dlink:dir-878_firmware:-
Dlink » Dir-878 Firmware » Version: 1.01b04

cpe:2.3:o:dlink:dir-878_firmware:1.01b04
Dlink » Dir-878 Firmware » Version: 1.02b04

cpe:2.3:o:dlink:dir-878_firmware:1.02b04
Dlink » Dir-878 Firmware » Version: 1.02b05

cpe:2.3:o:dlink:dir-878_firmware:1.02b05
Dlink » Dir-878 Firmware » Version: 1.10b05

cpe:2.3:o:dlink:dir-878_firmware:1.10b05
Dlink » Dir-878 Firmware » Version: 1.11b02

cpe:2.3:o:dlink:dir-878_firmware:1.11b02
Dlink » Dir-878 Firmware » Version: 1.12a1

cpe:2.3:o:dlink:dir-878_firmware:1.12a1
Dlink » Dir-878 Firmware » Version: 1.12b01

cpe:2.3:o:dlink:dir-878_firmware:1.12b01
Dlink » Dir-878 Firmware » Version: 1.20b03

cpe:2.3:o:dlink:dir-878_firmware:1.20b03
Dlink » Dir-882 Firmware » Version: N/A

cpe:2.3:o:dlink:dir-882_firmware:-
Dlink » Dir-882 Firmware » Version: 1.10b02

cpe:2.3:o:dlink:dir-882_firmware:1.10b02
Dlink » Dir-882 Firmware » Version: 1.10b04

cpe:2.3:o:dlink:dir-882_firmware:1.10b04

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-8863

Products

Pricing

Contact Us