CVE-2020-29324

Exploit

EPSS 0.58%
Published 04.06.2021 20:15:07
Last modified 21.11.2024 05:23:54
Source disclose@cybersecurityworks.co
Teams watchlist Login
Open Login

The DLink Router DIR-895L MFC v1.21b05 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and to extract sensitive data.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Dlink ≫ Dir-895l Mfc Firmware Version1.21b05

Dlink ≫ Dir-895l Mfc Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.58%	0.675

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-312 Cleartext Storage of Sensitive Information

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

https://cybersecurityworks.com/zerodays/cve-2020-29324-d-link-router-dir-895l-mfc-telnet-hardcoded-credentials.html

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2020-29324

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-29324

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-29324

EUVD