Lucene search

[email protected]CVE-2020-9277

HistoryApr 20, 2020 - 11:15 p.m.

CVE-2020-9277

2020-04-2023:15:00

CWE-287

[email protected]

web.nvd.nist.gov

cve-2020-9277

d-link

dsl-2640b

authentication bypass

cgi modules

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.6 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

77.5%

JSON

An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. Authentication can be bypassed when accessing cgi modules. This allows one to perform administrative tasks (e.g., modify the admin password) with no authentication.

CPENameOperatorVersion
dlink:dsl-2640b_firmwaredlink dsl-2640b firmwareeqeu_4.01b

CPE	Name	Operator	Version
dlink:dsl-2640b_firmware	dlink dsl-2640b firmware	eq	eu_4.01b

References

raelize.com/advisories/CVE-2020-9277_D-Link-DSL-2640B_CGI-Authentication-bypass_v1.0.txt

raelize.com/posts/d-link-dsl-2640b-security-advisories/

www.dlink.com/en/security-bulletin

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.6 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

77.5%

JSON

Related for CVE-2020-9277

prion2 cvelist2 cve1