2 matches found
CVE-2020-15896
An authentication-bypass issue was discovered on D-Link DAP-1522 devices 1.4x before 1.10b04Beta02. There exist a few pages that are directly accessible by any unauthorized user, e.g., logout.php and login.php. This occurs because of checking the value of NONEEDAUTH. If the value of NONEEDAUTH is...
CVE-2020-15896
CVE-2020-15896 affects D-Link DAP-1522 devices with firmware 1.4x prior to 1.10b04Beta02. The root cause is improper handling of NO_NEED_AUTH: when NO_NEED_AUTH equals 1, protected pages (e.g., logout.php, login.php) are accessible without authentication, enabling an authentication bypass. Docume...