The vulnerability of the HNAP Private Login component of D-Link’s wireless router software, including models D-Link DIR-867-US, D-Link DIR-878, and D-Link DIR-882-US, allows a hacker to change the administrator password.

The HNAP Private Login flaw in D-Link routers lets attackers remotely change administrator password.

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2020-8863	17 Oct 202417:58	–	circl
CNVD	D-Link DIR-867, DIR-878 and DIR-882 HNAP Authentication Bypass Vulnerability	25 Feb 202000:00	–	cnvd
CVE	CVE-2020-8863	23 Mar 202020:25	–	cve
Cvelist	CVE-2020-8863	23 Mar 202020:25	–	cvelist
EUVD	EUVD-2020-29705	7 Oct 202500:30	–	euvd
NVD	CVE-2020-8863	23 Mar 202021:15	–	nvd
OSV	CVE-2020-8863	23 Mar 202021:15	–	osv
Prion	Authentication flaw	23 Mar 202021:15	–	prion
RedhatCVE	CVE-2020-8863	5 Feb 202513:20	–	redhatcve
Zero Day Initiative	D-Link Multiple Routers HNAP PrivateLogin Incorrect Implementation of Authentication Algorithm Authentication Bypass Vulnerability	24 Feb 202000:00	–	zdi

Vulners

Node

d-link dir-867Range<1.20b10beta

d-link dir-878Range<1.30b03beta

d-link dir-882_usRange<1.30b10beta

Source	Link
securitylab	www.securitylab.ru/vulnerability/505330.php
supportannouncement	www.supportannouncement.us.dlink.com/announcement/publication.aspx
cybersecurity-help	www.cybersecurity-help.cz/vdb/SB2020022506
zerodayinitiative	www.zerodayinitiative.com/advisories/ZDI-20-267/
web	www.web.nvd.nist.gov/view/vuln/detail

20 Mar 2020 00:00Current

7.6High risk

Vulners AI Score7.6

CVSS 28.3

CVSS 38.8

EPSS0.76733