ID

VAR-202007-0675


CVE

CVE-2020-15894


TITLE

Information leakage vulnerabilities in D-Link DIR-816L devices

Trust: 0.8

sources: JVNDB: JVNDB-2020-008185

DESCRIPTION

An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. There exists an exposed administration function in getcfg.php, which can be used to call various services. It can be utilized by an attacker to retrieve various sensitive information, such as admin login credentials, by setting the value of _POST_SERVICES in the query string to DEVICE.ACCOUNT. The D-Link DIR-816L device contains a vulnerability related to information leakage. Information may be obtained. D-Link DIR-816L is a wireless router made by D-Link of Taiwan. D-Link DIR-816L 1.10b04Beta02 has an information disclosure vulnerability in 2.x versions.

Trust: 2.16

sources: NVD: CVE-2020-15894 // JVNDB: JVNDB-2020-008185 // CNVD: CNVD-2020-42656

IOT TAXONOMY

category: ['Network device'] | sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-42656

AFFECTED PRODUCTS

vendor: dlink | model: dir-816l | scope: eq | version: 2.06

Trust: 1.0

vendor: dlink | model: dir-816l | scope: eq | version: 2.06.b09

Trust: 1.0

vendor: d link | model: dir-816l | scope: - | version: -

Trust: 0.8

vendor: d link | model: dir-816l 2.*,<1.10b04beta02 | scope: - | version: -

Trust: 0.6

sources: CNVD: CNVD-2020-42656 // JVNDB: JVNDB-2020-008185 // NVD: CVE-2020-15894

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-15894
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-008185
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-42656
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202007-1376
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2020-15894
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-008185
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-42656
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-15894
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-008185
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-42656 // JVNDB: JVNDB-2020-008185 // CNNVD: CNNVD-202007-1376 // NVD: CVE-2020-15894

PROBLEMTYPE DATA

problemtype:CWE-306

Trust: 1.0

problemtype:CWE-200

Trust: 0.8

sources: JVNDB: JVNDB-2020-008185 // NVD: CVE-2020-15894

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202007-1376

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-202007-1376

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-008185

PATCH

title: DAP-1520 Rev. Ax FW 1.10B04 / DAP-1522 Rev. Ax FW 1.42 / DIR-816L Rev. Bx FW 2.06.B09 :: End of Support Recommendation for Disclosed Vulnerabilities | url: https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10169

Trust: 0.8

title: Patch for D-Link DIR-816L information disclosure vulnerability | url: https://www.cnvd.org.cn/patchInfo/show/227315

Trust: 0.6

sources: CNVD: CNVD-2020-42656 // JVNDB: JVNDB-2020-008185

EXTERNAL IDS

db: NVD | id: CVE-2020-15894

Trust: 3.0

db: DLINK | id: SAP10169

Trust: 1.6

db: JVNDB | id: JVNDB-2020-008185

Trust: 0.8

db: CNVD | id: CNVD-2020-42656

Trust: 0.6

db: CNNVD | id: CNNVD-202007-1376

Trust: 0.6

sources: CNVD: CNVD-2020-42656 // JVNDB: JVNDB-2020-008185 // CNNVD: CNNVD-202007-1376 // NVD: CVE-2020-15894

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2020-15894

Trust: 2.0

url:https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10169

Trust: 1.6

url:https://research.loginsoft.com/bugs/multiple-vulnerabilities-discovered-in-the-d-link-firmware-dir-816l/

Trust: 1.6

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-15894

Trust: 0.8

sources: CNVD: CNVD-2020-42656 // JVNDB: JVNDB-2020-008185 // CNNVD: CNNVD-202007-1376 // NVD: CVE-2020-15894

SOURCES

db: CNVD | id: CNVD-2020-42656
db: JVNDB | id: JVNDB-2020-008185
db: CNNVD | id: CNNVD-202007-1376
db: NVD | id: CVE-2020-15894

LAST UPDATE DATE

2024-08-14T13:44:04.161000+00:00


SOURCES UPDATE DATE

db: CNVD | id: CNVD-2020-42656 | date: 2020-07-27T00:00:00
db: JVNDB | id: JVNDB-2020-008185 | date: 2020-09-04T00:00:00
db: CNNVD | id: CNNVD-202007-1376 | date: 2023-04-27T00:00:00
db: NVD | id: CVE-2020-15894 | date: 2023-11-08T22:49:55.577

SOURCES RELEASE DATE

db: CNVD | id: CNVD-2020-42656 | date: 2020-07-27T00:00:00
db: JVNDB | id: JVNDB-2020-008185 | date: 2020-09-04T00:00:00
db: CNNVD | id: CNNVD-202007-1376 | date: 2020-07-22T00:00:00
db: NVD | id: CVE-2020-15894 | date: 2020-07-22T19:15:12.710