Details of VAR-202003-1675

ID

VAR-202003-1675

CVE

CVE-2020-8863

TITLE

plural D-Link Authentication vulnerabilities in routers

Trust: 0.8

sources: JVNDB: JVNDB-2020-003175

DESCRIPTION

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-867, DIR-878, and DIR-882 routers with firmware 1.10B04. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP login requests. The issue results from the lack of proper implementation of the authentication algorithm. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the router. Was ZDI-CAN-9470. Zero Day Initiative To this vulnerability ZDI-CAN-9470 Was numbered.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. D-Link DIR-867, DIR-878 and DIR-882 are all wireless router products from D-Link, Taiwan. HNAP is a protocol called HNAP (Home Network Management Protocol)

Trust: 2.79

sources: NVD: CVE-2020-8863 // JVNDB: JVNDB-2020-003175 // ZDI: ZDI-20-267 // CNVD: CNVD-2020-18980

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-18980

AFFECTED PRODUCTS

vendor:	dlink	model:	dir-867	scope:	lte	version:	1.10b04	Trust: 1.0
vendor:	dlink	model:	dir-878	scope:	lte	version:	1.20b03	Trust: 1.0
vendor:	dlink	model:	dir-882	scope:	lte	version:	1.10b04	Trust: 1.0
vendor:	d link	model:	dir-867	scope:	eq	version:	1.10b04	Trust: 0.8
vendor:	d link	model:	dir-878	scope:	eq	version:	1.10b04	Trust: 0.8
vendor:	d link	model:	dir-882	scope:	eq	version:	1.10b04	Trust: 0.8
vendor:	d link	model:	multiple routers	scope:	-	version:	-	Trust: 0.7
vendor:	d link	model:	dir-867 1.10b04	scope:	-	version:	-	Trust: 0.6
vendor:	d link	model:	dir-878 1.10b04	scope:	-	version:	-	Trust: 0.6
vendor:	d link	model:	dir-882 1.10b04	scope:	-	version:	-	Trust: 0.6

sources: ZDI: ZDI-20-267 // CNVD: CNVD-2020-18980 // JVNDB: JVNDB-2020-003175 // NVD: CVE-2020-8863

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-8863
value:	HIGH
Trust: 1.0
zdi-disclosures@trendmicro.com:	CVE-2020-8863
value:	HIGH
Trust: 1.0
NVD:	JVNDB-2020-003175
value:	HIGH
Trust: 0.8
ZDI:	CVE-2020-8863
value:	HIGH
Trust: 0.7
CNVD:	CNVD-2020-18980
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202002-1139
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2020-8863
severity:	HIGH
baseScore:	8.3
vectorString:	AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2020-003175
severity:	HIGH
baseScore:	8.3
vectorString:	AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector:	ADJACENT NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2020-18980
severity:	HIGH
baseScore:	8.3
vectorString:	AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-8863
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
zdi-disclosures@trendmicro.com:	CVE-2020-8863
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.0
NVD:	JVNDB-2020-003175
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8
ZDI:	CVE-2020-8863
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 0.7

sources: ZDI: ZDI-20-267 // CNVD: CNVD-2020-18980 // JVNDB: JVNDB-2020-003175 // CNNVD: CNNVD-202002-1139 // NVD: CVE-2020-8863 // NVD: CVE-2020-8863

PROBLEMTYPE DATA

problemtype:	CWE-287	Trust: 1.8
problemtype:	CWE-303	Trust: 1.0

sources: JVNDB: JVNDB-2020-003175 // NVD: CVE-2020-8863

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202002-1139

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202002-1139

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-003175

PATCH

title:	SAP10157	url:	https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10157	Trust: 1.5
title:	Patch for D-Link DIR-867, DIR-878, and DIR-882 HNAP certification bypass vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/210439	Trust: 0.6
title:	D-Link DIR-867 , DIR-878 and DIR-882 HNAP Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=110308	Trust: 0.6

sources: ZDI: ZDI-20-267 // CNVD: CNVD-2020-18980 // JVNDB: JVNDB-2020-003175 // CNNVD: CNNVD-202002-1139

EXTERNAL IDS

db:	NVD	id:	CVE-2020-8863	Trust: 3.7
db:	ZDI	id:	ZDI-20-267	Trust: 2.9
db:	DLINK	id:	SAP10157	Trust: 1.6
db:	JVNDB	id:	JVNDB-2020-003175	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-9470	Trust: 0.7
db:	CNVD	id:	CNVD-2020-18980	Trust: 0.6
db:	CNNVD	id:	CNNVD-202002-1139	Trust: 0.6

sources: ZDI: ZDI-20-267 // CNVD: CNVD-2020-18980 // JVNDB: JVNDB-2020-003175 // CNNVD: CNNVD-202002-1139 // NVD: CVE-2020-8863

REFERENCES

url:	https://www.zerodayinitiative.com/advisories/zdi-20-267/	Trust: 2.8
url:	https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10157	Trust: 2.3
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-8863	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2020-8863\	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2020-8863	Trust: 0.6

sources: ZDI: ZDI-20-267 // CNVD: CNVD-2020-18980 // JVNDB: JVNDB-2020-003175 // CNNVD: CNNVD-202002-1139 // NVD: CVE-2020-8863

CREDITS

chung96vn - Security Researcher of VinCSS (Member of Vingroup)

Trust: 0.7

sources: ZDI: ZDI-20-267

SOURCES

db:	ZDI	id:	ZDI-20-267
db:	CNVD	id:	CNVD-2020-18980
db:	JVNDB	id:	JVNDB-2020-003175
db:	CNNVD	id:	CNNVD-202002-1139
db:	NVD	id:	CVE-2020-8863

LAST UPDATE DATE

2024-11-23T22:44:37.964000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-20-267	date:	2020-02-24T00:00:00
db:	CNVD	id:	CNVD-2020-18980	date:	2020-03-24T00:00:00
db:	JVNDB	id:	JVNDB-2020-003175	date:	2020-04-07T00:00:00
db:	CNNVD	id:	CNNVD-202002-1139	date:	2020-03-26T00:00:00
db:	NVD	id:	CVE-2020-8863	date:	2024-11-21T05:39:35.580

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-20-267	date:	2020-02-24T00:00:00
db:	CNVD	id:	CNVD-2020-18980	date:	2020-03-25T00:00:00
db:	JVNDB	id:	JVNDB-2020-003175	date:	2020-04-07T00:00:00
db:	CNNVD	id:	CNNVD-202002-1139	date:	2020-02-24T00:00:00
db:	NVD	id:	CVE-2020-8863	date:	2020-03-23T21:15:12.377