CVE-2020-15632 - Vulnerability Details - OpenCVE

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-842 3.13B05 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of HNAP GetCAPTCHAsetting requests. The issue results from the lack of proper handling of sessions. An attacker can leverage this vulnerability to execute arbitrary code in the context of the device. Was ZDI-CAN-10083.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Dlink	Dir-842 Dir-842 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:dlink:dir-842_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dir-842:c:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10184
https://www.zerodayinitiative.com/advisories/ZDI-20-880/

History

No history.

MITRE

Status: PUBLISHED

Assigner: zdi

Published: 2020-07-23T20:45:18

Updated: 2024-08-04T13:22:30.056Z

Reserved: 2020-07-07T00:00:00

Link: CVE-2020-15632

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-07-23T21:15:11.970

Modified: 2024-11-21T05:05:54.377

Link: CVE-2020-15632

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "DIR-842", "vendor": "D-Link", "versions": [{"status": "affected", "version": "3.13B05"}]}], "credits": [{"lang": "en", "value": "chung96vn - Security Researcher of VinCSS (Member of Vingroup)"}], "descriptions": [{"lang": "en", "value": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-842 3.13B05 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of HNAP GetCAPTCHAsetting requests. The issue results from the lack of proper handling of sessions. An attacker can leverage this vulnerability to execute arbitrary code in the context of the device. Was ZDI-CAN-10083."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-303", "description": "CWE-303: Incorrect Implementation of Authentication Algorithm", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-07-23T20:45:17", "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "shortName": "zdi"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-880/"}, {"tags": ["x_refsource_MISC"], "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10184"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "zdi-disclosures@trendmicro.com", "ID": "CVE-2020-15632", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "DIR-842", "version": {"version_data": [{"version_value": "3.13B05"}]}}]}, "vendor_name": "D-Link"}]}}, "credit": "chung96vn - Security Researcher of VinCSS (Member of Vingroup)", "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-842 3.13B05 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of HNAP GetCAPTCHAsetting requests. The issue results from the lack of proper handling of sessions. An attacker can leverage this vulnerability to execute arbitrary code in the context of the device. Was ZDI-CAN-10083."}]}, "impact": {"cvss": {"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-303: Incorrect Implementation of Authentication Algorithm"}]}]}, "references": {"reference_data": [{"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-880/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-880/"}, {"name": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10184", "refsource": "MISC", "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10184"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T13:22:30.056Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-880/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10184"}]}]}, "cveMetadata": {"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "assignerShortName": "zdi", "cveId": "CVE-2020-15632", "datePublished": "2020-07-23T20:45:18", "dateReserved": "2020-07-07T00:00:00", "dateUpdated": "2024-08-04T13:22:30.056Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dlink:dir-842_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FB96C904-6D76-4648-AF19-BCBA02D4C570", "versionEndIncluding": "3.13b09", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dlink:dir-842:c:*:*:*:*:*:*:*", "matchCriteriaId": "5698011B-DF15-4187-B3C1-3CC4365DCC90", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-842 3.13B05 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of HNAP GetCAPTCHAsetting requests. The issue results from the lack of proper handling of sessions. An attacker can leverage this vulnerability to execute arbitrary code in the context of the device. Was ZDI-CAN-10083."}, {"lang": "es", "value": "Esta vulnerabilidad permite a atacantes adyacentes a la red omitir la autenticaci\u00f3n en las instalaciones afectadas de los enrutadores D-Link DIR-842 3.13B05. No es requerida una autenticaci\u00f3n para explotar esta vulnerabilidad. El fallo espec\u00edfico se presenta dentro del procesamiento de las peticiones HNAP GetCAPTCHAsetting. El problema resulta de una falta de manejo apropiado de las sesiones. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo arbitrario en el contexto del dispositivo. Fue ZDI-CAN-10083"}], "id": "CVE-2020-15632", "lastModified": "2024-11-21T05:05:54.377", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "zdi-disclosures@trendmicro.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-07-23T21:15:11.970", "references": [{"source": "zdi-disclosures@trendmicro.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10184"}, {"source": "zdi-disclosures@trendmicro.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-880/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10184"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-880/"}], "sourceIdentifier": "zdi-disclosures@trendmicro.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-303"}], "source": "zdi-disclosures@trendmicro.com", "type": "Secondary"}]}