How severe is CVE-2020-8863?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2020-8863?

This is classified as CWE-303, which is a common weakness in software security.

CVE-2020-8863

HIGH Year: 2020

CVSS v3 Score

8.8

High

CVSS v2 Score

8.3

High

Weakness Type

CWE-303

View all →

Vulnerability Description

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-867, DIR-878, and DIR-882 routers with firmware 1.10B04. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP login requests. The issue results from the lack of proper implementation of the authentication algorithm. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the router. Was ZDI-CAN-9470.

CVE-2020-15632

HIGH

CVSS:8.8(High)

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-842 3.13B05 routers. Authentication is not required to exploit this vulnerability....

CWE-3032020

CVE-2020-8861

HIGH

CVSS:8.8(High)

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-1330 1.10B01 BETA Wi-Fi range extenders. Authentication is not required to exploit...

CWE-3032020

CVE-2023-34274

HIGH

CVSS:8.8(High)

D-Link DIR-2150 LoginPassword Incorrect Implementation of Authentication Algorithm Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on...

CWE-3032023

CVE-2023-34282

HIGH

CVSS:8.8(High)

D-Link DIR-2150 HNAP Incorrect Implementation of Authentication Algorithm Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected...

CWE-3032023

CVE-2023-44420

HIGH

CVSS:8.8(High)

D-Link DIR-X3260 prog.cgi Incorrect Implementation of Authentication Algorithm Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on aff...

CWE-3032023

CVE-2016-9463

HIGH

CVSS:8.1(High)

Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.1.2, 9.0.6, and 8.2.9 suffer from SMB User Authentication Bypass. Nextcloud/ownCloud include an optional and not by default enabled...

CWE-3032016

CVE-2020-8863

Vulnerability Description

Related Vulnerabilities

CVE-2020-15632

CVE-2020-8861

CVE-2023-34274

CVE-2023-34282

CVE-2023-44420

CVE-2016-9463