Lucene search

[email protected]CVE-2020-29557

HistoryJan 29, 2021 - 8:15 p.m.

CVE-2020-29557

2021-01-2920:15:00

CWE-119

[email protected]

web.nvd.nist.gov

876

In Wild

cve-2020-29557

d-link

dir-825

pre-auth

rce

buffer overflow

web interface

nvd

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.9 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.061 Low

EPSS

Percentile

93.4%

JSON

An issue was discovered on D-Link DIR-825 R1 devices through 3.0.1 before 2020-11-20. A buffer overflow in the web interface allows attackers to achieve pre-authentication remote code execution.

CPENameOperatorVersion
dlink:dir-825_r1_firmwaredlink dir-825 r1 firmwarele3.0.1

CPE	Name	Operator	Version
dlink:dir-825_r1_firmware	dlink dir-825 r1 firmware	le	3.0.1

References

shaqed.github.io/dlink/

www.dlink.ru/ru/download2/5/19/2354/441/

Social References

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.9 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.061 Low

EPSS

Percentile

93.4%

JSON

Related for CVE-2020-29557

prion1 cisa_kev1 checkpoint_advisories1 nessus1 attackerkb1 threatpost1 thn1