CVE-2020-15632

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-842 3.13B05 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of HNAP GetCAPTCHAsetting requests. The issue results from the lack of proper handling of sessions. An attacker can leverage this vulnerability to execute arbitrary code in the context of the device. Was ZDI-CAN-10083.

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-842 3.13B05 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of HNAP GetCAPTCHAsetting requests. The issue results from the lack of proper handling of sessions. An attacker can leverage this vulnerability to execute arbitrary code in the context of the device. Was ZDI-CAN-10083.

Esta vulnerabilidad permite a atacantes adyacentes a la red omitir la autenticación en las instalaciones afectadas de los enrutadores D-Link DIR-842 3.13B05. No es requerida una autenticación para explotar esta vulnerabilidad. El fallo específico se presenta dentro del procesamiento de las peticiones HNAP GetCAPTCHAsetting. El problema resulta de una falta de manejo apropiado de las sesiones. Un atacante puede aprovechar esta vulnerabilidad para ejecutar código arbitrario en el contexto del dispositivo. Fue ZDI-CAN-10083