First published: Fri Jan 08 2021
An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. The One Touch application discloses sensitive information, such as the hashed admin login password and the Internet provider connection username and cleartext password, in the application's response body for a /tmp/var/passwd or /tmp/home/wan_stat URI.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Dlink Dsl-2888a Firmware | <au_2.31_v1.1.47ae55 | |
Dlink Dsl-2888a | | |
The vulnerability ID for this issue is CVE-2020-24577.
The severity of CVE-2020-24577 is high with a CVSS score of 7.5.
D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55 are affected by CVE-2020-24577.
CVE-2020-24577 allows the One Touch application to disclose sensitive information, such as the hashed admin login password and the Internet provider connection username and cleartext password.
Yes, a firmware update to version AU_2.31_V1.1.47ae55 or later should fix the vulnerability CVE-2020-24577.