CVE-2020-29324 - The DLink Router DIR-895L MFC v1.21b05 is vulnerable to credentials disclosure in telnet service thr

CVE-2020-29324

Summary

The DLink Router DIR-895L MFC v1.21b05 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and to extract sensitive data.

References

https://cybersecurityworks.com/zerodays/cve-2020-29324-d-link-router-dir-895l-mfc-telnet-hardcoded-credentials.html

Vulnerable Configurations

cpe:2.3:o:dlink:dir-895l_mfc_firmware:1.21b05:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-895l_mfc_firmware:1.21b05:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-895l_mfc:-:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-895l_mfc:-:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 10-06-2021 - 18:21)
Impact:
Exploitability:

CWE

CWE-312

CAPEC

Retrieve Embedded Sensitive Data
An attacker examines a target system to find sensitive data that has been embedded within it. This information can reveal confidential contents, such as account numbers or individual keys/credentials that can be used as an intermediate step in a larger attack.

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:N/A:N

Last major update

10-06-2021 - 18:21

Published

04-06-2021 - 20:15

Last modified

10-06-2021 - 18:21