Severity: 7.5
CWE: 306

CVE-2020-15894

First published: Wed Jul 22 2020

An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. There exists an exposed administration function in getcfg.php, which can be used to call various services. It can be utilized by an attacker to retrieve various sensitive information, such as admin login credentials, by setting the value of _POST_SERVICES in the query string to DEVICE.ACCOUNT.

Credit: cve@mitre.org

Affected Software | Affected Version | How to fix
D-link Dir-816l Firmware | =2.06 |
D-link Dir-816l Firmware | =2.06.b09-beta |
Dlink Dir-816l | =b1 |
Dlink Dir-816l Firmware | =2.06 |
Dlink Dir-816l Firmware | =2.06.b09-beta |

Frequently Asked Questions

  • What is CVE-2020-15894?

    CVE-2020-15894 is a vulnerability found in D-Link DIR-816L devices 2.x before 1.10b04Beta02, which allows an attacker to retrieve sensitive information.

  • How can an attacker exploit CVE-2020-15894?

    An attacker can exploit CVE-2020-15894 by utilizing the exposed administration function in getcfg.php to call various services and retrieve sensitive information.

  • What is the severity of CVE-2020-15894?

    CVE-2020-15894 has a severity rating of 7.5 (high).

  • How do I know if my device is affected by CVE-2020-15894?

    If you are using D-Link DIR-816L devices 2.x before 1.10b04Beta02 or 2.06 firmware, your device may be affected by CVE-2020-15894.

  • How can I fix CVE-2020-15894?

    To fix CVE-2020-15894, it is recommended to update your D-Link DIR-816L device to firmware version 1.10b04Beta02 or newer.
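
A defender who can see HTTP requests reaching the router (for example in a proxy or IDS log) can flag the request pattern this advisory describes. The following is an added example, not part of the original advisory: the Common Log Format input, the sample lines and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample lines in Common Log Format (assumed log source, not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [22/Jul/2020:10:01:12 +0000] "GET /getcfg.php?_POST_SERVICES=DEVICE.ACCOUNT HTTP/1.1" 200 812
192.168.0.23 - - [22/Jul/2020:10:02:40 +0000] "GET /index.php HTTP/1.1" 200 5120
203.0.113.7 - - [22/Jul/2020:10:03:05 +0000] "GET /getcfg.php?a=1&%5FPOST%5FSERVICES=DEVICE%2EACCOUNT HTTP/1.1" 200 812
192.168.0.23 - - [22/Jul/2020:10:04:19 +0000] "GET /getcfg.php?_POST_SERVICES=OTHER.SERVICE HTTP/1.1" 200 120
198.51.100.9 - - [22/Jul/2020:10:05:33 +0000] "GET /getcfg.php?_POST_SERVICES=DEVICE.ACCOUNT HTTP/1.1" 404 0
"""

LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})\b'
)

def classify(line):
    """Return (src, timestamp, verdict) for a DEVICE.ACCOUNT getcfg.php request, else None."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    url = urlsplit(m["target"])
    # Decode the path before comparing so percent-encoded forms are not missed.
    if unquote(url.path).rsplit("/", 1)[-1].lower() != "getcfg.php":
        return None
    # parse_qsl percent-decodes both parameter names and values.
    services = [v for k, v in parse_qsl(url.query, keep_blank_values=True)
                if k == "_POST_SERVICES"]
    if not any(v.strip().upper() == "DEVICE.ACCOUNT" for v in services):
        return None
    # A 2xx answer means the device served the request: treat credentials as exposed.
    verdict = "exposed" if m["status"].startswith("2") else "attempt"
    return (m["src"], m["ts"], verdict)

def scan(log_text):
    """Classify every line and keep only the findings."""
    return [f for f in map(classify, log_text.splitlines()) if f]

if __name__ == "__main__":
    for src, ts, verdict in scan(SAMPLE_LOG):
        print(f"{verdict:8} {src:15} {ts}")
```

An "exposed" finding should be handled as a credential compromise: apply the firmware update described above and change the admin password.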
