First published: Mon Jun 08 2020(Updated: )
D-Link DSL 2730-U IN_1.10 and IN_1.11 and DIR-600M 3.04 devices have the domain.name string in the DNS resolver search path by default, which allows remote attackers to provide valid DNS responses (and also offer Internet services such as HTTP) for names that otherwise would have had an NXDOMAIN error, by registering a subdomain of the domain.name domain name.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Dlink Dsl-2730u Firmware | =in_1.10 | |
Dlink Dsl-2730u | ||
Dlink Dir-600m Firmware | =3.04 | |
Dlink Dir-600m |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID of this security issue is CVE-2020-13960.
D-Link DSL 2730-U IN_1.10 and IN_1.11 and DIR-600M 3.04 devices are affected by CVE-2020-13960.
CVE-2020-13960 has a severity level of 7.5, which is considered high.
The default vulnerability in D-Link devices is having the domain.name string in the DNS resolver search path, as seen in CVE-2020-13960.
CVE-2020-13960 can be exploited by remote attackers providing valid DNS responses and offering Internet services such as HTTP for names that would have had an NXDOMAIN error.