5 severe D-Link router vulnerabilities disclosed, patch now

silversurfer

The vulnerabilities reported by ACE Team – Loginsoft include reflected Cross-Site Scripting (XSS) attacks, buffer overflows, means of obtaining admin credentials, bypassing authentication altogether, and executing arbitrary code.
Any attacker with access to the router administration page can carry out the said attacks even if they do not know the admin credentials.
The vulnerabilities disclosed and patched this week are:

| Identifiers | Vulnerability Type | Description |
| --- | --- | --- |
| CVE-2020-15892 aka Loginsoft-2020-1006 | Stack-based Buffer Overflow | A classic stack-based buffer overflow in the `ssi` binary, leading to arbitrary command execution. |
| CVE-2020-15893 | Command Injection | Command injection vulnerability in the UPnP via a crafted M-SEARCH packet |
| CVE-2020-15894 | Sensitive Information Exposure | Exposed administration function allows unauthorized access to sensitive information. |
| CVE-2020-15895 aka Loginsoft-2020-1008 | Cross-Site Scripting (XSS) | Reflected XSS vulnerability on the device configuration webpage due to an unescaped value |
| CVE-2020-15896 aka Loginsoft-2020-1007 | Sensitive Information Exposure / Authentication Bypass Backdoor | Exposed administration function allows unauthorized access to sensitive information. |
 
