CVE-2020-29323

{"id": "CVE-2020-29323", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2021-06-04T20:15:07.687", "references": [{"url": "https://cybersecurityworks.com/zerodays/cve-2020-29323-telnet-hardcoded-credentials.html", "tags": ["Exploit", "Third Party Advisory"], "source": "disclose@cybersecurityworks.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-522"}, {"lang": "en", "value": "CWE-798"}]}], "descriptions": [{"lang": "en", "value": "The D-link router DIR-885L-MFC 1.15b02, v1.21b05 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and to extract sensitive data."}, {"lang": "es", "value": "El router D-link DIR-885L-MFC versiones 1.15b02, v1.21b05 es vulnerable a una divulgaci\u00f3n de credenciales en el servicio telnet a trav\u00e9s de la descompilaci\u00f3n del firmware, lo que permite a un atacante no autenticado conseguir acceso al firmware y extraer datos confidenciales"}], "lastModified": "2022-07-12T17:42:04.277", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dlink:dir-885l-mfc_firmware:1.15b02:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3234D13D-27D9-4906-A084-49FA001071A3"}, {"criteria": "cpe:2.3:o:dlink:dir-885l-mfc_firmware:1.21b05:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "94868CC2-241E-40E1-BA93-6ABE6148908B"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dlink:dir-885l-mfc:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "AEAC5C5B-B743-4BE0-89B1-E868BFCA987F"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "disclose@cybersecurityworks.com"}