CVE-2020-24577
First published: Fri Jan 08 2021(Updated: )
An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. The One Touch application discloses sensitive information, such as the hashed admin login password and the Internet provider connection username and cleartext password, in the application's response body for a /tmp/var/passwd or /tmp/home/wan_stat URI.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dlink Dsl-2888a Firmware | <au_2.31_v1.1.47ae55 | |
| Dlink Dsl-2888a |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2020-24577.
What is the severity of CVE-2020-24577?
The severity of CVE-2020-24577 is high with a CVSS score of 7.5.
What is affected by CVE-2020-24577?
D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55 are affected by CVE-2020-24577.
How does CVE-2020-24577 impact the affected devices?
CVE-2020-24577 allows the One Touch application to disclose sensitive information, such as hashed admin login password and internet provider connection username and cleartext password.
Is there a fix available for CVE-2020-24577?
Yes, a firmware update to version AU_2.31_V1.1.47ae55 or later should fix the vulnerability CVE-2020-24577.
- collector/nvd-index
- agent/tags
- agent/event
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/type
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/dlink
- canonical/dlink dsl-2888a firmware
- canonical/dlink dsl-2888a