5 severe D-Link router vulnerabilities disclosed, patch now

silversurfer

The vulnerabilities reported by ACE Team – Loginsoft include reflected Cross-Site Scripting (XSS) attacks, buffer overflows, and means of obtaining admin credentials, bypassing authentication altogether, and executing arbitrary code.
Any attacker with access to the router administration page can carry out these attacks even if they do not know the admin credentials.
The vulnerabilities disclosed and patched this week are:

| Identifiers | Vulnerability Type | Description |
| --- | --- | --- |
| CVE-2020-15892 aka Loginsoft-2020-1006 | Stack-based Buffer Overflow | A classic stack-based buffer overflow in the `ssi` binary, leading to arbitrary command execution. |
| CVE-2020-15893 | Command Injection | Command injection vulnerability in the UPnP via a crafted M-SEARCH packet. |
| CVE-2020-15894 | Sensitive Information Exposure | Exposed administration function allows unauthorized access to sensitive information. |
| CVE-2020-15895 aka Loginsoft-2020-1008 | Cross-Site Scripting (XSS) | Reflected XSS vulnerability on the device configuration webpage due to an unescaped value. |
| CVE-2020-15896 aka Loginsoft-2020-1007 | Sensitive Information Exposure / Authentication Bypass Backdoor | Exposed administration function allows unauthorized access to sensitive information. |
 