CRITICAL🇵🇱 Wersja polska

CVE-2020-15892

CVSS 9.8v3.1pub. 2020-07-22upd. 2024-11-21

An issue was discovered in apply.cgi on D-Link DAP-1520 devices before 1.10b04Beta02. Whenever a user performs a login action from the web interface, the request values are being forwarded to the ssi binary. On the login page, the web interface restricts the password input field to a fixed length of 15 characters. The problem is that validation is being done on the client side, hence it can be bypassed. When an attacker manages to intercept the login request (POST based) and tampers with the vulnerable parameter (log_pass), to a larger length, the request will be forwarded to the webserver. This results in a stack-based buffer overflow. A few other POST variables, (transferred as part of the login request) are also vulnerable: html_response_page and log_user.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Dlink Dap 1520

    HW
    Dlink
    a1
  • Dlink Dap 1520 Firmware

    OS
    Dlink
    ≤ 1.10b04
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Memory
CWE
References

Related vulnerabilities

CVE-2025-4354HIGH8.7ten sam produkt

A vulnerability was found in Tenda DAP-1520 1.10B04_BETA02 and classified as critical. Affected by this issue ...

CVE-2025-4355HIGH8.7ten sam produkt

A vulnerability was found in Tenda DAP-1520 1.10B04_BETA02. It has been classified as critical. This affects t...

CVE-2025-4356HIGH8.7ten sam produkt

A vulnerability was found in Tenda DAP-1520 1.10B04_BETA02. It has been declared as critical. This vulnerabili...

CVE-2024-36831MEDIUM5.3ten sam produkt

A NULL pointer dereference in the plugins_call_handle_uri_clean function of D-Link DAP-1520 REVA_FIRMWARE_1.10...

CVE-2024-3272CRITICAL9.8⚠ KEVPL ✓ten sam vendor

D-Link DNS-320L/325/327L/340L — zakodowane na stałe poświadczenia (hard-coded credentials)