
D-Link DAP-1522 <= 1.42 Authentication Bypass Vulnerability CVE-2020-15896

CVSSv3 Score
Vulnerability description

D-Link DAP-1522 is prone to an authentication bypass vulnerability.

Risk description

A few pages, e.g. logout.php and login.php, are directly accessible to any unauthenticated user. This is because the device checks the value of NO_NEED_AUTH: if the value is 1, the page is served without any authentication. By appending the query string parameter NO_NEED_AUTH with the value 1 to any protected URL, an unauthenticated user can access the application directly, as demonstrated by bsc_lan.php?NO_NEED_AUTH=1.
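One way to spot this request pattern in web or proxy logs, as an added example that is not part of the original advisory or any vendor code. It assumes Common Log Format lines from a proxy or sensor in front of the device; the function name and the sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Pages the advisory names as reachable without a session; the flag is expected there.
PUBLIC_PAGES = {"login.php", "logout.php"}

# Assumed input: Common Log Format lines from a proxy or sensor in front of the device.
LINE_RE = re.compile(
    r'^(?P<src>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

def find_bypass_attempts(lines):
    """Return one record per request that sets NO_NEED_AUTH=1 on a non-public page."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a request line we understand
        url = urlsplit(m["target"])
        page = url.path.rsplit("/", 1)[-1].lower()
        # parse_qsl percent-decodes names and values, so we compare decoded text.
        # Case-insensitive name matching is a conservative choice, not device behaviour.
        forced = any(
            name.upper() == "NO_NEED_AUTH" and value.strip() == "1"
            for name, value in parse_qsl(url.query, keep_blank_values=True)
        )
        if forced and page not in PUBLIC_PAGES:
            hits.append({
                "src": m["src"],
                "page": page,
                "status": int(m["status"]),
                # A 200 suggests the page was actually served without a login.
                "served": m["status"] == "200",
            })
    return hits

# Constructed sample lines (documentation IP ranges, made-up timestamps and sizes).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /login.php HTTP/1.1" 200 1200',
    '192.0.2.10 - - [01/Jan/2024:10:00:05 +0000] "GET /bsc_lan.php HTTP/1.1" 302 0',
    '198.51.100.7 - - [01/Jan/2024:10:01:00 +0000] "GET /bsc_lan.php?NO_NEED_AUTH=1 HTTP/1.1" 200 5400',
    '198.51.100.7 - - [01/Jan/2024:10:01:02 +0000] "GET /bsc_lan.php?lang=en&NO_NEED_AUTH=1 HTTP/1.1" 401 0',
    '192.0.2.10 - - [01/Jan/2024:10:02:00 +0000] "GET /logout.php?NO_NEED_AUTH=1 HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for hit in find_bypass_attempts(SAMPLE_LOG):
        print(hit)
```

Because the product is end-of-life and has no fix, the same parameter check can serve as a block rule on a reverse proxy placed in front of the management interface.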


No solution was made available by the vendor. General solution options are to upgrade to a newer release, disable the affected features, remove the product, or replace the product with another one. The vendor states: DAP-1522 (EOS: 07/01/2016) has reached its End-of-Support (EOS) / End-of-Life (EOL) Date. As a general policy, when the product reaches EOS/EOL, it can no longer be supported, and all firmware development for the product ceases, except in certain unique situations.

Not available
Detectable with
Network Scanner
Scan engine
Exploitable with Sniper
CVE Published
Jul 22, 2020
Detection added at
Software Type
Not available
Not available
Not available