Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

D-Link DIR-880L Multiple Vulnerabilities (2020 - 2025)

🗓️ 14 May 2025 00:00:00Reported by Copyright (C) 2025 Greenbone AGType 
openvas
 openvas🔗 plugins.openvas.org👁 7 Views

D-Link DIR-880L devices have multiple vulnerabilities including credentials disclosure and more.

Related
Refs
Code
ReporterTitlePublishedViews
Family
Circl		CVE-2025-4341
6 May 202510:21
circl
CNNVD		D-Link DIR-880L 信息泄露漏洞
4 Jun 202100:00
cnnvd
CNNVD		D-Link DIR-880L 安全漏洞
6 May 202500:00
cnnvd
CNVD		AUO DIR-880L Information Disclosure Vulnerability
7 Jun 202100:00
cnvd
CNVD		D-Link DIR-880L /htdocs/ssdpcgi File Command Injection Vulnerability
14 May 202500:00
cnvd
CVE		CVE-2020-29322
4 Jun 202119:39
cve
CVE		CVE-2025-4341
6 May 202508:31
cve
Cvelist		CVE-2020-29322
4 Jun 202119:39
cvelist
Cvelist		CVE-2025-4341 D-Link DIR-880L Request Header ssdpcgi sub_16570 command injection
6 May 202508:31
cvelist
EUVD		EUVD-2020-21696
7 Oct 202500:30
euvd
Rows per page
# SPDX-FileCopyrightText: 2025 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/o:dlink:dir-880l_firmware";

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.171503");
  script_version("2025-06-25T05:41:02+0000");
  script_tag(name:"last_modification", value:"2025-06-25 05:41:02 +0000 (Wed, 25 Jun 2025)");
  script_tag(name:"creation_date", value:"2025-05-14 07:55:32 +0000 (Wed, 14 May 2025)");
  script_tag(name:"cvss_base", value:"6.5");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:S/C:P/I:P/A:P");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2025-05-13 20:25:22 +0000 (Tue, 13 May 2025)");

  script_tag(name:"qod_type", value:"remote_banner");

  script_tag(name:"solution_type", value:"WillNotFix");

  # nb: Unlike other VTs we're using the CVEs line by line here for easier addition of new CVEs / to
  #     avoid too large diffs when adding a new CVE.
  script_cve_id("CVE-2020-29322",
                "CVE-2025-4341"
               );

  script_name("D-Link DIR-880L Multiple Vulnerabilities (2020 - 2025)");

  script_category(ACT_GATHER_INFO);

  script_copyright("Copyright (C) 2025 Greenbone AG");
  script_family("General");
  script_dependencies("gb_dlink_dir_consolidation.nasl");
  script_mandatory_keys("d-link/dir/detected");

  script_tag(name:"summary", value:"D-Link DIR-880L devices are prone to multiple
  vulnerabilities.");

  script_tag(name:"vuldetect", value:"Checks if the target host is a vulnerable device.");

  script_tag(name:"insight", value:"The following flaws exist:

  - CVE-2020-29322: Credentials disclosure in telnet service through decompilation of firmware

  - CVE-2025-4341: The manipulation of the argument HTTP_ST/REMOTE_ADDR/REMOTE_PORT/SERVER_ID the
  function sub_16570 of the file /htdocs/ssdpcgi of the component Request Header Handler leads to
  command injection");

  script_tag(name:"affected", value:"D-Link DIR-880L devices in all versions.");

  script_tag(name:"solution", value:"No solution was made available by the vendor. General solution
  options are to upgrade to a newer release, disable respective features, remove the product or
  replace the product by another one.

  Note: The vendor states that technical support for DIR-880L has ended in 01.01.2020, therefore
  most probably no effort will be made to provide a fix for these vulnerabilities.");

  script_xref(name:"URL", value:"https://web.archive.org/web/20211209053855/https://cybersecurityworks.com/zerodays/cve-2020-29322-telnet-hardcoded-credentials.html");
  script_xref(name:"URL", value:"https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10189");
  script_xref(name:"URL", value:"https://service.dlink.co.in/resources/EOL-Products-Without-Service.pdf");
  script_xref(name:"URL", value:"https://legacy.us.dlink.com/");

  exit(0);
}

include("host_details.inc");
include("version_func.inc");

if( ! version = get_app_version( cpe:CPE, nofork:TRUE ) )
  exit( 0 );

report = report_fixed_ver( installed_version:version, fixed_version:"None" );
security_message( port:0, data:report );
exit( 0 );

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
25 Jun 2025 00:00Current
6.6Medium risk
Vulners AI Score6.6
CVSS 25 - 6.5
CVSS 3.16.3 - 9.8
CVSS 45.3
CVSS 36.3
EPSS0.01345
SSVC
d-link dir-880l vulnerabilitiescredentials disclosurecve-2020-29322cve-2025-4341remote bannerwill not fix solutionseverity 6.5
7