- Aug 17, 2014
The vulnerabilities reported by ACE Team – Loginsoft include reflected Cross-Site Scripting (XSS) attacks, buffer overflows to means of obtaining admin credentials, bypassing authentication altogether, and executing arbitrary code.
Any attacker with access to the router administration page can carry out the said attacks even if they do not know the admin credentials.
The vulnerabilities disclosed and patched this week are:
Identifiers Vulnerability Type Description CVE-2020-15892
Stack-based Buffer Overflow A classic stack-based buffer overflow in the `ssi` binary, leading to arbitrary command execution. CVE-2020-15893 Command Injection Command injection vulnerability in the UPnP via a crafted M-SEARCH packet CVE-2020-15894 Sensitive Information Exposure Exposed administration function allows unauthorized access to sensitive information. CVE-2020-15895
Cross-Site Scripting (XSS) Reflected XSS vulnerability on the device configuration webpage due to an unescaped value CVE-2020-15896
Sensitive Information Exposure / Authentication Bypass Backdoor Exposed administration function allows unauthorized access to sensitive information.
Multiple Vulnerabilities discovered in the D-link Firmware DIR-816L Loginsoft-2020-1008 23 July, 2020 CVE Number CVE-2020-15895 CWE Number CWE-79: Improper Neutralization of Input During Web Page Generation Product Details The DIR-816L Wireless AC750 Dual-Band Cloud Router is an affordable yet...