cnvd - cnvd-2021-28689

CNVD-2021-28689

Vulnerability from cnvd - Published: 2021-04-15

Title

D-Link DAP-2020任意⽂件读取漏洞

Description

友讯集团（D-Link），成⽴于 1986 年，1994 年 10 ⽉于中国台湾省证券交易所挂牌上市，为中国台湾省第⼀家上市的⽹络公司，以⾃创 D-Link 品牌⾏销全球，产品遍及 100 多个国家。 D-Link任意⽂件读取漏洞，攻击者可利用该漏洞获取敏感信息。

Severity

中

Formal description

厂商尚未提供相关漏洞补丁链接，请关注厂商主页及时更新： https://us.dlink.com

Reference

https://suid.ch/research/DAP-2020_Preauth_RCE_Chain.html https://mp.weixin.qq.com/s/SpM8AkRz1bYXd9qZ6N_71w

Impacted products

Name
D-Link DAP-2020

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-27250"
    }
  },
  "description": "\u53cb\u8baf\u96c6\u56e2\uff08D-Link\uff09\uff0c\u6210\u2f74\u4e8e 1986 \u5e74\uff0c1994 \u5e74 10 \u2f49\u4e8e\u4e2d\u56fd\u53f0\u6e7e\u7701\u8bc1\u5238\u4ea4\u6613\u6240\u6302\u724c\u4e0a\n\u5e02\uff0c\u4e3a\u4e2d\u56fd\u53f0\u6e7e\u7701\u7b2c\u2f00\u5bb6\u4e0a\u5e02\u7684\u2f79\u7edc\u516c\u53f8\uff0c\u4ee5\u2f83\u521b D-Link \u54c1\u724c\u2f8f\u9500\u5168\u7403\uff0c\u4ea7\u54c1\u904d\u53ca 100 \u591a\n\u4e2a\u56fd\u5bb6\u3002\n\nD-Link\u4efb\u610f\u2f42\u4ef6\u8bfb\u53d6\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002",
  "formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u76f8\u5173\u6f0f\u6d1e\u8865\u4e01\u94fe\u63a5\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u53ca\u65f6\u66f4\u65b0\uff1a\r\nhttps://us.dlink.com",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-28689",
  "openTime": "2021-04-15",
  "products": {
    "product": "D-Link DAP-2020"
  },
  "referenceLink": "https://suid.ch/research/DAP-2020_Preauth_RCE_Chain.html\r\nhttps://mp.weixin.qq.com/s/SpM8AkRz1bYXd9qZ6N_71w",
  "serverity": "\u4e2d",
  "submitTime": "2021-03-23",
  "title": "D-Link DAP-2020\u4efb\u610f\u2f42\u4ef6\u8bfb\u53d6\u6f0f\u6d1e"
}

CVE-2021-27250 (GCVE-0-2021-27250)

Vulnerability from cvelistv5 – Published: 2021-04-14 15:45 – Updated: 2024-08-03 20:48

Summary

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of CGI scripts. When parsing the errorpage request parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-11856.

Severity ?

6.5 (Medium)


                        
                          CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-73 - External Control of File Name or Path

Assigner

zdi

References

URL

Tags

	https://supportannouncement.us.dlink.com/announce…	x_refsource_MISC
	https://www.zerodayinitiative.com/advisories/ZDI-…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	D-Link	DAP-2020	Affected: v1.01rc001

Credits

SUID

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T20:48:16.143Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10201"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-205/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "DAP-2020",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "v1.01rc001"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "SUID"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of CGI scripts. When parsing the errorpage request parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-11856."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-73",
              "description": "CWE-73: External Control of File Name or Path",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-04-14T15:45:56",
        "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "shortName": "zdi"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10201"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-205/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "zdi-disclosures@trendmicro.com",
          "ID": "CVE-2021-27250",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "DAP-2020",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "v1.01rc001"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "D-Link"
              }
            ]
          }
        },
        "credit": "SUID",
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of CGI scripts. When parsing the errorpage request parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-11856."
            }
          ]
        },
        "impact": {
          "cvss": {
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-73: External Control of File Name or Path"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10201",
              "refsource": "MISC",
              "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10201"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-205/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-205/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
    "assignerShortName": "zdi",
    "cveId": "CVE-2021-27250",
    "datePublished": "2021-04-14T15:45:56",
    "dateReserved": "2021-02-16T00:00:00",
    "dateUpdated": "2024-08-03T20:48:16.143Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2021-28689

CVE-2021-27250 (GCVE-0-2021-27250)

Tags

Sightings

Nomenclature