D-Link DIR-825 R1 up to 3.0.1 Web Interface buffer overflow
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 8.4 | $0-$5k | 0.00 |
Summary
A vulnerability was found in D-Link DIR-825 R1 up to 3.0.1. It has been classified as critical. This affects an unknown part of the component Web Interface. The manipulation leads to buffer overflow. This vulnerability is traded as CVE-2020-29557. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. Upgrading the affected component is recommended.
Details
A vulnerability was found in D-Link DIR-825 R1 up to 3.0.1 (Router Operating System). It has been rated as critical. This issue affects an unknown code block of the component Web Interface. The manipulation with an unknown input leads to a buffer overflow vulnerability. Using CWE to declare the problem leads to CWE-120. The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow. Impacted is confidentiality, integrity, and availability.
The weakness was shared 01/30/2021. The advisory is shared at dlink.ru. The identification of this vulnerability is CVE-2020-29557. Technical details are unknown but an exploit is available.
It is declared as attacked. The CISA Known Exploited Vulnerabilities Catalog lists this issue since 11/03/2021 with a due date of 05/03/2022:
Apply updates per vendor instructions.Upgrading to version 3.0.1 2020-11-20 eliminates this vulnerability. The upgrade is hosted for download at dlink.ru.
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Product
Type
Vendor
Name
Version
License
Website
- Vendor: https://www.dlink.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 8.5VulDB Meta Temp Score: 8.4
VulDB Base Score: 7.3
VulDB Temp Score: 7.0
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 9.8
NVD Vector: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Buffer overflowCWE: CWE-120 / CWE-119
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Attacked
EPSS Score: 🔍
EPSS Percentile: 🔍
KEV Added: 🔍
KEV Due: 🔍
KEV Remediation: 🔍
KEV Ransomware: 🔍
KEV Notice: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Upgrade: DIR-825 R1 3.0.1 2020-11-20
Timeline
12/04/2020 🔍01/30/2021 🔍
01/30/2021 🔍
02/06/2025 🔍
Sources
Vendor: dlink.comAdvisory: dlink.ru
Status: Confirmed
CVE: CVE-2020-29557 (🔍)
GCVE (CVE): GCVE-0-2020-29557
GCVE (VulDB): GCVE-100-168929
scip Labs: https://www.scip.ch/en/?labs.20161013
Entry
Created: 01/30/2021 15:45Updated: 02/06/2025 16:52
Changes: 01/30/2021 15:45 (40), 02/21/2021 19:19 (5), 02/21/2021 19:24 (18), 04/21/2024 08:08 (27), 09/09/2024 22:29 (1), 02/06/2025 16:52 (1)
Complete: 🔍
Cache ID: 216::103
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
No comments yet. Languages: en.
Please log in to comment.