Details of VAR-202106-0373

ID

VAR-202106-0373

CVE

CVE-2020-29323

TITLE

D-link DIR-885L MFC Information Disclosure Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2021-41079 // CNNVD: CNNVD-202106-366

DESCRIPTION

The D-link router DIR-885L-MFC 1.15b02, v1.21b05 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and to extract sensitive data. D-link Router DIR-885L-MFC Exists in an inadequate protection of credentials.Information may be obtained. D-Link DIR-885L MFC is a wireless router produced by D-Link in Taiwan. D-link DIR-885L-MFC 1.15b02, v1.21b05 has an information disclosure vulnerability. This vulnerability originates from DIR-885L-MFC 1.15b02, v1.21b05

Trust: 2.16

sources: NVD: CVE-2020-29323 // JVNDB: JVNDB-2020-016840 // CNVD: CNVD-2021-41079

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-41079

AFFECTED PRODUCTS

vendor:	dlink	model:	dir-885l-mfc	scope:	eq	version:	1.21b05	Trust: 1.0
vendor:	dlink	model:	dir-885l-mfc	scope:	eq	version:	1.15b02	Trust: 1.0
vendor:	d link	model:	dir-885l-mfc	scope:	eq	version:	dir-885l-mfc firmware 1.21b05	Trust: 0.8
vendor:	d link	model:	dir-885l-mfc	scope:	eq	version:	-	Trust: 0.8
vendor:	d link	model:	dir-885l-mfc	scope:	eq	version:	dir-885l-mfc firmware 1.15b02	Trust: 0.8
vendor:	d link	model:	dir-885l-mfc 1.15b02	scope:	-	version:	-	Trust: 0.6
vendor:	d link	model:	dir-885l-mfc v1.21b05	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2021-41079 // JVNDB: JVNDB-2020-016840 // NVD: CVE-2020-29323

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-29323
value:	HIGH
Trust: 1.0
NVD:	CVE-2020-29323
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2021-41079
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202106-366
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2020-29323
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2021-41079
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-29323
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2020-29323
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-41079 // JVNDB: JVNDB-2020-016840 // CNNVD: CNNVD-202106-366 // NVD: CVE-2020-29323

PROBLEMTYPE DATA

problemtype:	CWE-522	Trust: 1.0
problemtype:	CWE-798	Trust: 1.0
problemtype:	Inadequate protection of credentials (CWE-522) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2020-016840 // NVD: CVE-2020-29323

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202106-366

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202106-366

PATCH

title:

Top Page

url:

https://www.dlink.com.br/

Trust: 0.8

sources: JVNDB: JVNDB-2020-016840

EXTERNAL IDS

db:	NVD	id:	CVE-2020-29323	Trust: 3.8
db:	JVNDB	id:	JVNDB-2020-016840	Trust: 0.8
db:	CNVD	id:	CNVD-2021-41079	Trust: 0.6
db:	CNNVD	id:	CNNVD-202106-366	Trust: 0.6

sources: CNVD: CNVD-2021-41079 // JVNDB: JVNDB-2020-016840 // CNNVD: CNNVD-202106-366 // NVD: CVE-2020-29323

REFERENCES

url:	https://cybersecurityworks.com/zerodays/cve-2020-29323-telnet-hardcoded-credentials.html	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2020-29323	Trust: 1.4

sources: CNVD: CNVD-2021-41079 // JVNDB: JVNDB-2020-016840 // CNNVD: CNNVD-202106-366 // NVD: CVE-2020-29323

SOURCES

db:	CNVD	id:	CNVD-2021-41079
db:	JVNDB	id:	JVNDB-2020-016840
db:	CNNVD	id:	CNNVD-202106-366
db:	NVD	id:	CVE-2020-29323

LAST UPDATE DATE

2024-08-14T14:25:18.969000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-41079	date:	2021-06-11T00:00:00
db:	JVNDB	id:	JVNDB-2020-016840	date:	2022-02-15T08:43:00
db:	CNNVD	id:	CNNVD-202106-366	date:	2021-06-11T00:00:00
db:	NVD	id:	CVE-2020-29323	date:	2022-07-12T17:42:04.277

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-41079	date:	2021-06-11T00:00:00
db:	JVNDB	id:	JVNDB-2020-016840	date:	2022-02-15T00:00:00
db:	CNNVD	id:	CNNVD-202106-366	date:	2021-06-04T00:00:00
db:	NVD	id:	CVE-2020-29323	date:	2021-06-04T20:15:07.687