
D-Link DIR-816L <= 2.06.B09 Multiple Vulnerabilities (CVE-2020-15893, CVE-2020-15894, CVE-2020-15895)

Severity
CVSSv3 Score: 6.1
Vulnerability description

D-Link DIR-816L is prone to multiple vulnerabilities.

Risk description

The following vulnerabilities exist:

- CVE-2020-15893: Command injection in UPnP via a crafted M-SEARCH packet
- CVE-2020-15894: Exposed administration function, allowing unauthorized access to a few pieces of sensitive information
- CVE-2020-15895: Reflected XSS due to an unescaped value on the device configuration webpage

Recommendation

No solution was made available by the vendor. General solution options are to upgrade to a newer release, disable the respective features, remove the product, or replace the product with another one.

The vendor states: DIR-816L (EOS: 03/01/2016) has reached its End-of-Support (EOS) / End-of-Life (EOL) Date. As a general policy, when the product reaches EOS/EOL, it can no longer be supported, and all firmware development for the product ceases, except in certain unique situations.

Codename: Not available
Detectable with: Network Scanner
Scan engine: OpenVAS
Exploitable with Sniper: No
CVE Published: Jul 22, 2020
Detection added at:
Software Type: Not available
Vendor: Not available
Product: Not available