Details of VAR-202106-0374

ID

VAR-202106-0374

CVE

CVE-2020-29324

TITLE

D-Link DIR-895L MFC Information Disclosure Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2021-41080 // CNNVD: CNNVD-202106-367

DESCRIPTION

The DLink Router DIR-895L MFC v1.21b05 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and to extract sensitive data. DLink Router DIR-895L MFC Contains a vulnerability in the plaintext storage of important information.Information may be obtained. D-Link DIR-895L MFC is a wireless router produced by D-Link in Taiwan. DLink DIR-895L MFC v1.21b05 has an information disclosure vulnerability

Trust: 2.16

sources: NVD: CVE-2020-29324 // JVNDB: JVNDB-2020-016841 // CNVD: CNVD-2021-41080

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-41080

AFFECTED PRODUCTS

vendor:	dlink	model:	dir-895l mfc	scope:	eq	version:	1.21b05	Trust: 1.0
vendor:	d link	model:	dir-895l mfc	scope:	eq	version:	-	Trust: 0.8
vendor:	d link	model:	dir-895l mfc	scope:	eq	version:	dir-895l mfc firmware 1.21b05	Trust: 0.8
vendor:	d link	model:	dir-895l-mfc v1.21b05	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2021-41080 // JVNDB: JVNDB-2020-016841 // NVD: CVE-2020-29324

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-29324
value:	HIGH
Trust: 1.0
NVD:	CVE-2020-29324
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2021-41080
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202106-367
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2020-29324
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2021-41080
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-29324
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2020-29324
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-41080 // JVNDB: JVNDB-2020-016841 // CNNVD: CNNVD-202106-367 // NVD: CVE-2020-29324

PROBLEMTYPE DATA

problemtype:	CWE-312	Trust: 1.0
problemtype:	Plaintext storage of important information (CWE-312) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2020-016841 // NVD: CVE-2020-29324

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202106-367

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202106-367

PATCH

title:

Top Page

url:

https://www.dlink.com.br/

Trust: 0.8

sources: JVNDB: JVNDB-2020-016841

EXTERNAL IDS

db:	NVD	id:	CVE-2020-29324	Trust: 3.8
db:	JVNDB	id:	JVNDB-2020-016841	Trust: 0.8
db:	CNVD	id:	CNVD-2021-41080	Trust: 0.6
db:	CNNVD	id:	CNNVD-202106-367	Trust: 0.6

sources: CNVD: CNVD-2021-41080 // JVNDB: JVNDB-2020-016841 // CNNVD: CNNVD-202106-367 // NVD: CVE-2020-29324

REFERENCES

url:	https://cybersecurityworks.com/zerodays/cve-2020-29324-d-link-router-dir-895l-mfc-telnet-hardcoded-credentials.html	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2020-29324	Trust: 1.4

sources: CNVD: CNVD-2021-41080 // JVNDB: JVNDB-2020-016841 // CNNVD: CNNVD-202106-367 // NVD: CVE-2020-29324

SOURCES

db:	CNVD	id:	CNVD-2021-41080
db:	JVNDB	id:	JVNDB-2020-016841
db:	CNNVD	id:	CNNVD-202106-367
db:	NVD	id:	CVE-2020-29324

LAST UPDATE DATE

2024-08-14T15:11:55.509000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-41080	date:	2021-06-11T00:00:00
db:	JVNDB	id:	JVNDB-2020-016841	date:	2022-02-15T08:43:00
db:	CNNVD	id:	CNNVD-202106-367	date:	2021-06-11T00:00:00
db:	NVD	id:	CVE-2020-29324	date:	2021-06-10T18:21:31.487

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-41080	date:	2021-06-11T00:00:00
db:	JVNDB	id:	JVNDB-2020-016841	date:	2022-02-15T00:00:00
db:	CNNVD	id:	CNNVD-202106-367	date:	2021-06-04T00:00:00
db:	NVD	id:	CVE-2020-29324	date:	2021-06-04T20:15:07.717