Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-8862


This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-2610 Firmware v2.01RC067 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of passwords. The issue results from the lack of proper password checking. An attacker can leverage this vulnerability to execute arbitrary code in the context of root. Was ZDI-CAN-10082.


Published

2020-02-22T00:15:10.937

Last Modified

2024-11-21T05:39:35.463

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

CVSSv2 Vector

AV:A/AC:L/Au:N/C:C/I:C/A:C

  • Access Vector: ADJACENT_NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
Exploitability Score

6.5

Impact Score

10.0

Weaknesses
  • Type: Secondary
    CWE-697
  • Type: Primary
    CWE-287

Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System dlink dap-2610_firmware ≤ 2.01rc067 Yes
Hardware dlink dap-2610 - No

References