CVE-2020-29324

Exploit

EPSS 0.51%
Veröffentlicht 04.06.2021 20:15:07
Zuletzt bearbeitet 21.11.2024 05:23:54
Quelle disclose@cybersecurityworks.co
CVE-Watchlists
Login
Unerledigt
Login

The DLink Router DIR-895L MFC v1.21b05 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and to extract sensitive data.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Dlink ≫ Dir-895l Mfc Firmware Version1.21b05

Dlink ≫ Dir-895l Mfc Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.51%	0.654

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-312 Cleartext Storage of Sensitive Information

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

https://cybersecurityworks.com/zerodays/cve-2020-29324-d-link-router-dir-895l-mfc-telnet-hardcoded-credentials.html

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2020-29324

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-29324

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-29324

EUVD