ID

VAR-202002-1369


CVE

CVE-2020-8862


TITLE

D-Link DAP-2610 Authentication vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2020-002267

DESCRIPTION

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-2610 Firmware v2.01RC067 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of passwords. The issue results from the lack of proper password checking. An attacker can leverage this vulnerability to execute arbitrary code in the context of root. The Zero Day Initiative numbered this vulnerability ZDI-CAN-10082. Information may be obtained or tampered with, and service operation may be interrupted (DoS). D-Link DAP-2610 is a wireless AC1300 Wave 2 dual-band PoE access point.

Trust: 2.79

sources: NVD: CVE-2020-8862 // JVNDB: JVNDB-2020-002267 // ZDI: ZDI-20-266 // CNVD: CNVD-2020-13154

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-13154

AFFECTED PRODUCTS

vendor: dlink, model: dap-2610, scope: lte, version: 2.01rc067

Trust: 1.0

vendor: d link, model: dap-2610, scope: eq, version: 2.01rc067

Trust: 0.8

vendor: d link, model: dap-2610, scope: -, version: -

Trust: 0.7

vendor: d link, model: dap-2610 2.01rc067, scope: -, version: -

Trust: 0.6

sources: ZDI: ZDI-20-266 // CNVD: CNVD-2020-13154 // JVNDB: JVNDB-2020-002267 // NVD: CVE-2020-8862

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-8862
value: HIGH

Trust: 1.0

zdi-disclosures@trendmicro.com: CVE-2020-8862
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-002267
value: HIGH

Trust: 0.8

ZDI: CVE-2020-8862
value: HIGH

Trust: 0.7

CNVD: CNVD-2020-13154
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202002-1074
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2020-8862
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-002267
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-13154
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-8862
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

zdi-disclosures@trendmicro.com: CVE-2020-8862
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: JVNDB-2020-002267
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

ZDI: CVE-2020-8862
baseSeverity: HIGH
baseScore: 8.8
vectorString: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-20-266 // CNVD: CNVD-2020-13154 // JVNDB: JVNDB-2020-002267 // CNNVD: CNNVD-202002-1074 // NVD: CVE-2020-8862 // NVD: CVE-2020-8862

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.8

problemtype:CWE-697

Trust: 1.0

sources: JVNDB: JVNDB-2020-002267 // NVD: CVE-2020-8862

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202002-1074

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202002-1074

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-002267

PATCH

title: SAP10154, url: https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10154

Trust: 1.5

title: Patch for D-Link DAP-2610 Certification Bypass Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/204107

Trust: 0.6

title: D-Link DAP-2610 Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=110262

Trust: 0.6

sources: ZDI: ZDI-20-266 // CNVD: CNVD-2020-13154 // JVNDB: JVNDB-2020-002267 // CNNVD: CNNVD-202002-1074

EXTERNAL IDS

db: NVD, id: CVE-2020-8862

Trust: 3.7

db: ZDI, id: ZDI-20-266

Trust: 2.3

db: DLINK, id: SAP10154

Trust: 1.6

db: JVNDB, id: JVNDB-2020-002267

Trust: 0.8

db: ZDI_CAN, id: ZDI-CAN-10082

Trust: 0.7

db: CNVD, id: CNVD-2020-13154

Trust: 0.6

db: CNNVD, id: CNNVD-202002-1074

Trust: 0.6

sources: ZDI: ZDI-20-266 // CNVD: CNVD-2020-13154 // JVNDB: JVNDB-2020-002267 // CNNVD: CNNVD-202002-1074 // NVD: CVE-2020-8862

REFERENCES

url:https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10154

Trust: 2.3

url:https://www.zerodayinitiative.com/advisories/zdi-20-266/

Trust: 2.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-8862

Trust: 1.2

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-8862

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-8862

Trust: 0.8

sources: ZDI: ZDI-20-266 // CNVD: CNVD-2020-13154 // JVNDB: JVNDB-2020-002267 // CNNVD: CNNVD-202002-1074 // NVD: CVE-2020-8862

CREDITS

chung96vn - Security Researcher of VinCSS (Member of Vingroup)

Trust: 0.7

sources: ZDI: ZDI-20-266

SOURCES

db: ZDI, id: ZDI-20-266
db: CNVD, id: CNVD-2020-13154
db: JVNDB, id: JVNDB-2020-002267
db: CNNVD, id: CNNVD-202002-1074
db: NVD, id: CVE-2020-8862

LAST UPDATE DATE

2024-11-23T22:51:29.671000+00:00


SOURCES UPDATE DATE

db: ZDI, id: ZDI-20-266, date: 2020-02-21T00:00:00
db: CNVD, id: CNVD-2020-13154, date: 2020-02-24T00:00:00
db: JVNDB, id: JVNDB-2020-002267, date: 2020-03-10T00:00:00
db: CNNVD, id: CNNVD-202002-1074, date: 2021-01-05T00:00:00
db: NVD, id: CVE-2020-8862, date: 2024-11-21T05:39:35.463

SOURCES RELEASE DATE

db: ZDI, id: ZDI-20-266, date: 2020-02-21T00:00:00
db: CNVD, id: CNVD-2020-13154, date: 2020-02-24T00:00:00
db: JVNDB, id: JVNDB-2020-002267, date: 2020-03-10T00:00:00
db: CNNVD, id: CNNVD-202002-1074, date: 2020-02-21T00:00:00
db: NVD, id: CVE-2020-8862, date: 2020-02-22T00:15:10.937