CWE
669 787 119
Advisory Published
Updated

CVE-2020-15892: Buffer Overflow

First published: Wed Jul 22 2020(Updated: )

An issue was discovered in apply.cgi on D-Link DAP-1520 devices before 1.10b04Beta02. Whenever a user performs a login action from the web interface, the request values are being forwarded to the ssi binary. On the login page, the web interface restricts the password input field to a fixed length of 15 characters. The problem is that validation is being done on the client side, hence it can be bypassed. When an attacker manages to intercept the login request (POST based) and tampers with the vulnerable parameter (log_pass), to a larger length, the request will be forwarded to the webserver. This results in a stack-based buffer overflow. A few other POST variables, (transferred as part of the login request) are also vulnerable: html_response_page and log_user.

Credit: cve@mitre.org cve@mitre.org

Affected SoftwareAffected VersionHow to fix
D-link Dap-1520 Firmware<=1.10b04
Dlink Dap-1520=a1
Dlink Dap-1520 Firmware<=1.10b04

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Frequently Asked Questions

  • What is CVE-2020-15892?

    CVE-2020-15892 is a vulnerability discovered in apply.cgi on D-Link DAP-1520 devices before 1.10b04Beta02.

  • What is the severity of CVE-2020-15892?

    The severity of CVE-2020-15892 is critical with a CVSS score of 9.8.

  • How does CVE-2020-15892 affect D-Link DAP-1520 devices?

    CVE-2020-15892 allows attackers to execute arbitrary code on D-Link DAP-1520 devices.

  • How can I fix CVE-2020-15892?

    To fix CVE-2020-15892, users should update their D-Link DAP-1520 firmware to version 1.10b04Beta02 or later.

  • Are there any additional references for CVE-2020-15892?

    Yes, you can find additional information about CVE-2020-15892 at the following links: [Research Loginsoft](https://research.loginsoft.com/bugs/classic-stack-based-buffer-overflow-in-dlink-firmware-dap-1520/) and [D-Link Support Announcement](https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10169).

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203