CVE-2021-20696

Description

DAP-1880AC firmware version 1.21 and earlier allows a remote authenticated attacker to execute arbitrary OS commands by sending a specially crafted request to a specific CGI program.

Related CPE's

o dlink dap-1880ac_firmware ********

h dlink dap-1880ac -*******

References

https://www.dlink-jp.com/support/release/jvnvu92898656_dap-1880ac.html

Vendor Advisory

https://jvn.jp/en/vu/JVNVU92898656/index.html

Third Party Advisory

CvssV3 impact

BaseSeverity	HIGH
ConfidentialityImpact	HIGH
AttackComplexity	LOW
Scope	UNCHANGED
AttackVector	NETWORK
AvailabilityImpact	HIGH
IntegrityImpact	HIGH
PrivilegesRequired	LOW
BaseScore	8.8
VectorString	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Version	3.1
UserInteraction	NONE

CvssV2 impact

AccessComplexity	LOW
ConfidentialityImpact	COMPLETE
AvailabilityImpact	COMPLETE
IntegrityImpact	COMPLETE
BaseScore	9
VectorString	AV:N/AC:L/Au:S/C:C/I:C/A:C
Version	2.0
AccessVector	NETWORK
Authentication	SINGLE