Details of VAR-202007-0870

ID

VAR-202007-0870

CVE

CVE-2020-15631

TITLE

D-Link DAP-1860 operating system command injection vulnerability

Trust: 1.2

sources: CNVD: CNVD-2020-42659 // CNNVD: CNNVD-202007-1301

DESCRIPTION

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1860 1.04B03_HOTFIX WiFi extenders. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the HNAP service, which listens on TCP port 80 by default. When parsing the SOAPAction header, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-10084. D-Link DAP-1860 To OS A command injection vulnerability exists. Zero Day Initiative To this vulnerability ZDI-CAN-10084 Was numbered.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. D-Link DAP-1860 is a WiFi range extender manufactured by D-Link in Taiwan. This vulnerability does not correctly verify the characters submitted by the user before executing the system call

Trust: 2.79

sources: NVD: CVE-2020-15631 // JVNDB: JVNDB-2020-008736 // ZDI: ZDI-20-879 // CNVD: CNVD-2020-42659

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-42659

AFFECTED PRODUCTS

vendor:	dlink	model:	dap-1860	scope:	lte	version:	1.04b01	Trust: 1.0
vendor:	d link	model:	dap-1860	scope:	eq	version:	1.04b03	Trust: 0.8
vendor:	d link	model:	dap-1860	scope:	-	version:	-	Trust: 0.7
vendor:	d link	model:	dap-1860 <=1.04b01	scope:	-	version:	-	Trust: 0.6

sources: ZDI: ZDI-20-879 // CNVD: CNVD-2020-42659 // JVNDB: JVNDB-2020-008736 // NVD: CVE-2020-15631

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-15631
value:	HIGH
Trust: 1.0
zdi-disclosures@trendmicro.com:	CVE-2020-15631
value:	HIGH
Trust: 1.0
NVD:	JVNDB-2020-008736
value:	HIGH
Trust: 0.8
ZDI:	CVE-2020-15631
value:	HIGH
Trust: 0.7
CNVD:	CNVD-2020-42659
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202007-1301
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2020-15631
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2020-008736
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2020-42659
severity:	HIGH
baseScore:	7.7
vectorString:	AV:A/AC:L/AU:S/C:C/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	5.1
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-15631
baseSeverity:	HIGH
baseScore:	8.0
vectorString:	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.1
impactScore:	5.9
version:	3.1
Trust: 1.0
zdi-disclosures@trendmicro.com:	CVE-2020-15631
baseSeverity:	HIGH
baseScore:	8.0
vectorString:	CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.1
impactScore:	5.9
version:	3.0
Trust: 1.0
NVD:	JVNDB-2020-008736
baseSeverity:	HIGH
baseScore:	8.0
vectorString:	CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8
ZDI:	CVE-2020-15631
baseSeverity:	HIGH
baseScore:	8.0
vectorString:	AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.1
impactScore:	5.9
version:	3.0
Trust: 0.7

sources: ZDI: ZDI-20-879 // CNVD: CNVD-2020-42659 // JVNDB: JVNDB-2020-008736 // CNNVD: CNNVD-202007-1301 // NVD: CVE-2020-15631 // NVD: CVE-2020-15631

PROBLEMTYPE DATA

problemtype:

CWE-78

Trust: 1.8

sources: JVNDB: JVNDB-2020-008736 // NVD: CVE-2020-15631

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202007-1301

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-202007-1301

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-008736

PATCH

title:	SAP10185	url:	https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10185	Trust: 1.5
title:	Patch for D-Link DAP-1860 operating system command injection vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/227327	Trust: 0.6
title:	D-Link DAP-1860 Fixes for operating system command injection vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=124972	Trust: 0.6

sources: ZDI: ZDI-20-879 // CNVD: CNVD-2020-42659 // JVNDB: JVNDB-2020-008736 // CNNVD: CNNVD-202007-1301

EXTERNAL IDS

db:	NVD	id:	CVE-2020-15631	Trust: 3.7
db:	ZDI	id:	ZDI-20-879	Trust: 2.9
db:	DLINK	id:	SAP10185	Trust: 1.6
db:	JVNDB	id:	JVNDB-2020-008736	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-10084	Trust: 0.7
db:	CNVD	id:	CNVD-2020-42659	Trust: 0.6
db:	CNNVD	id:	CNNVD-202007-1301	Trust: 0.6

sources: ZDI: ZDI-20-879 // CNVD: CNVD-2020-42659 // JVNDB: JVNDB-2020-008736 // CNNVD: CNNVD-202007-1301 // NVD: CVE-2020-15631

REFERENCES

url:	https://www.zerodayinitiative.com/advisories/zdi-20-879/	Trust: 2.8
url:	https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10185	Trust: 2.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-15631	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-15631	Trust: 0.8

sources: ZDI: ZDI-20-879 // CNVD: CNVD-2020-42659 // JVNDB: JVNDB-2020-008736 // CNNVD: CNNVD-202007-1301 // NVD: CVE-2020-15631

CREDITS

chung96vn - Security Researcher of VinCSS (Member of Vingroup)

Trust: 1.3

sources: ZDI: ZDI-20-879 // CNNVD: CNNVD-202007-1301

SOURCES

db:	ZDI	id:	ZDI-20-879
db:	CNVD	id:	CNVD-2020-42659
db:	JVNDB	id:	JVNDB-2020-008736
db:	CNNVD	id:	CNNVD-202007-1301
db:	NVD	id:	CVE-2020-15631

LAST UPDATE DATE

2024-11-23T23:04:17.920000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-20-879	date:	2020-07-20T00:00:00
db:	CNVD	id:	CNVD-2020-42659	date:	2020-07-27T00:00:00
db:	JVNDB	id:	JVNDB-2020-008736	date:	2020-09-23T00:00:00
db:	CNNVD	id:	CNNVD-202007-1301	date:	2020-07-29T00:00:00
db:	NVD	id:	CVE-2020-15631	date:	2024-11-21T05:05:54.250

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-20-879	date:	2020-07-20T00:00:00
db:	CNVD	id:	CNVD-2020-42659	date:	2020-07-27T00:00:00
db:	JVNDB	id:	JVNDB-2020-008736	date:	2020-09-23T00:00:00
db:	CNNVD	id:	CNNVD-202007-1301	date:	2020-07-20T00:00:00
db:	NVD	id:	CVE-2020-15631	date:	2020-07-23T21:15:11.893