What is CVE-2020-15894?

CVE-2020-15894 is a vulnerability found in D-Link DIR-816L devices 2.x before 1.10b04Beta02, which allows an attacker to retrieve sensitive information.

How can an attacker exploit CVE-2020-15894?

An attacker can exploit CVE-2020-15894 by utilizing the exposed administration function in getcfg.php to call various services and retrieve sensitive information.

What is the severity of CVE-2020-15894?

CVE-2020-15894 has a severity rating of 7.5 (high).

How do I know if my device is affected by CVE-2020-15894?

If you are using D-Link DIR-816L devices 2.x before 1.10b04Beta02 or 2.06 firmware, your device may be affected by CVE-2020-15894.

How can I fix CVE-2020-15894?

To fix CVE-2020-15894, it is recommended to update your D-Link DIR-816L device to firmware version 1.10b04Beta02 or newer.

Vulnerability/
CVE-2020-15894

high

7.5

CWE

306

22/7/2020

4/8/2024

CVE-2020-15894

First published: Wed Jul 22 2020(Updated: )

An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. There exists an exposed administration function in getcfg.php, which can be used to call various services. It can be utilized by an attacker to retrieve various sensitive information, such as admin login credentials, by setting the value of _POST_SERVICES in the query string to DEVICE.ACCOUNT.

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
D-link Dir-816l Firmware	=2.06
D-link Dir-816l Firmware	=2.06.b09-beta
Dlink Dir-816l	=b1
Dlink Dir-816l Firmware	=2.06
Dlink Dir-816l Firmware	=2.06.b09-beta

Remedy

https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10169

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2020-15894?
CVE-2020-15894 is a vulnerability found in D-Link DIR-816L devices 2.x before 1.10b04Beta02, which allows an attacker to retrieve sensitive information.
How can an attacker exploit CVE-2020-15894?
An attacker can exploit CVE-2020-15894 by utilizing the exposed administration function in getcfg.php to call various services and retrieve sensitive information.
What is the severity of CVE-2020-15894?
CVE-2020-15894 has a severity rating of 7.5 (high).
How do I know if my device is affected by CVE-2020-15894?
If you are using D-Link DIR-816L devices 2.x before 1.10b04Beta02 or 2.06 firmware, your device may be affected by CVE-2020-15894.
How can I fix CVE-2020-15894?
To fix CVE-2020-15894, it is recommended to update your D-Link DIR-816L device to firmware version 1.10b04Beta02 or newer.

collector/nvd-index
collector/nvd-api
agent/references
agent/author
agent/type
collector/mitre-cve
source/MITRE
agent/remedy
agent/severity
agent/last-modified-date
agent/weakness
agent/event
agent/description
agent/first-publish-date
agent/softwarecombine
agent/tags
vendor/d-link
canonical/d-link dir-816l firmware
version/d-link dir-816l firmware/2.06
version/d-link dir-816l firmware/2.06.b09-beta
vendor/dlink
canonical/dlink dir-816l
version/dlink dir-816l/b1
canonical/dlink dir-816l firmware
version/dlink dir-816l firmware/2.06
version/dlink dir-816l firmware/2.06.b09-beta

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.