First published: Wed Jul 22 2020
An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. Universal Plug and Play (UPnP) is enabled by default on port 1900. An attacker can perform command injection by injecting a payload into the Search Target (ST) field of the SSDP M-SEARCH discover packet.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
D-link Dir-816l Firmware | =2.06 | |
D-link Dir-816l Firmware | =2.06.b09-beta | |
Dlink Dir-816l | =b1 | |
Dlink Dir-816l Firmware | =2.06 | |
Dlink Dir-816l Firmware | =2.06.b09-beta | |
CVE-2020-15893 is a vulnerability discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02.
CVE-2020-15893 enables an attacker to perform command injection by injecting a payload into the Search Target (ST) field of the SSDP M-SEARCH discover packet.
The severity of CVE-2020-15893 is critical, with a CVSS score of 9.8.
Yes, the D-Link DIR-816L firmware version 2.06 is affected by CVE-2020-15893.
To fix CVE-2020-15893, update the D-Link DIR-816L firmware to version 1.10b04Beta02 or later.