Severity Rating: HIGH

Systems Affected
     D-Link DIR-865L Ax 1.20B01 Beta devices

Overview
Multiple security vulnerabilities have been reported in D-Link devices
which could allow a remote attacker to perform cross-site scripting, execute
code remotely, bypass security restrictions or access sensitive
information on the targeted system.

Description
These vulnerabilities exist due to inadequate encryption strength, a
predictable seed in a pseudo-random number generator, cleartext storage and
transmission of sensitive information, cross-site request forgery (CSRF),
and command injection in D-Link devices.

Successful exploitation of these vulnerabilities allows a remote attacker to
perform cross-site scripting, execute remote code, bypass security
restrictions or access sensitive information on the targeted system.

Solution
Apply appropriate patches as mentioned by the vendor:
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174

Vendor Information

D-Link
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174

References

D-Link
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10174

Palo Alto
https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/

Security Affairs
https://securityaffairs.co/wordpress/104684/security/d-link-dir-865l-flaws.html

CVE Name
CVE-2020-13782
CVE-2020-13783
CVE-2020-13784
CVE-2020-13785
CVE-2020-13786
CVE-2020-13787
