Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistMitreCVELIST:CVE-2020-15896
HistoryJul 22, 2020 - 6:55 p.m.

CVE-2020-15896

2020-07-2218:55:31
mitre
www.cve.org
4

EPSS

0.002

Percentile

59.9%

JSON

An authentication-bypass issue was discovered on D-Link DAP-1522 devices 1.4x before 1.10b04Beta02. There exist a few pages that are directly accessible by any unauthorized user, e.g., logout.php and login.php. This occurs because of checking the value of NO_NEED_AUTH. If the value of NO_NEED_AUTH is 1, the user has direct access to the webpage without any authentication. By appending a query string NO_NEED_AUTH with the value of 1 to any protected URL, any unauthorized user can access the application directly, as demonstrated by bsc_lan.php?NO_NEED_AUTH=1.

Related

openvas 2
cve 1
prion 1
nvd 1
openvas
openvas
D-Link DAP-1522 <= 1.42 Authentication Bypass Vulnerability
2020-08-04 00:00:00
D-Link DAP-1522 Authentication Bypass Vulnerability (CVE-2020-15896)
2020-08-03 00:00:00
cve
cve
CVE-2020-15896
2020-07-22 19:15:12
prion
prion
Authentication flaw
2020-07-22 19:15:00
nvd
nvd
CVE-2020-15896
2020-07-22 19:15:12

EPSS

0.002

Percentile

59.9%

JSON
Related for CVELIST:CVE-2020-15896
openvas2cve1prion1nvd1