How severe is CVE-2020-8864?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2020-8864?

This is classified as CWE-697, which is a common weakness in software security.

CVE-2020-8864 - HIGH Severity | CVSS 8.8

Vulnerability Description

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-867, DIR-878, and DIR-882 routers with firmware 1.10B04. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP login requests. The issue results from the lack of proper handling of empty passwords. An attacker can leverage this vulnerability to execute arbitrary code on the router. Was ZDI-CAN-9471.

Related Vulnerabilities

CVE-2020-8862

HIGH

CVSS:8.8(High)

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-2610 Firmware v2.01RC067 routers. Authentication is not required to exploit this v...

CWE-6972020

CVE-2022-43621

HIGH

CVSS:8.8(High)

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-1935 1.03 routers. Authentication is not required to exploit this vulnerability. T...

CWE-6972022

CVE-2020-11071

HIGH

CVSS:8.6(High)

SLPJS (npm package slpjs) before version 0.27.2, has a vulnerability where users could experience false-negative validation outcomes for MINT transaction operations. A poorly implemented SLP wallet co...

CWE-6972020

CVE-2020-11072

HIGH

CVSS:8.6(High)

In SLP Validate (npm package slp-validate) before version 1.2.1, users could experience false-negative validation outcomes for MINT transaction operations. A poorly implemented SLP wallet could allow ...

CWE-6972020

CVE-2020-13485

CRITICAL

CVSS:9.1(Critical)

The Knock Knock plugin before 1.2.8 for Craft CMS allows IP Whitelist bypass via an X-Forwarded-For HTTP header.

CWE-6972020

CVE-2021-44078

HIGH

CVSS:8.1(High)

An issue was discovered in split_region in uc.c in Unicorn Engine before 2.0.0-rc5. It allows local attackers to escape the sandbox. An attacker must first obtain the ability to execute crafted code i...

CWE-6972021