CVE-2018-20675

Published Jan 9, 2019

Last updated 4 years ago

CVSS critical 9.8

Overview

Description: D-Link DIR-822 C1 before v3.11B01Beta, DIR-822-US C1 before v3.11B01Beta, DIR-850L A* before v1.21B08Beta, DIR-850L B* before v2.22B03Beta, and DIR-880L A* before v1.20B02Beta devices allow authentication bypass.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-287

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dlink:dir-822_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2DCBEAD7-2C7B-43FC-9352-B520F31035EE",
            "versionEndIncluding": "3.10b06"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dlink:dir-822:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B3894F0E-37F8-4A89-87AC-1DB524D4AE04"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dlink:dir-822-us_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "820E41C7-8D99-4B71-8C6E-9064E5173168",
            "versionEndIncluding": "3.10b06"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dlink:dir-822-us:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "670ED1ED-F14F-45F6-BE40-F3F1B1ED853F"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dlink:dir-850l_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E47C6FC0-783C-4D65-9F26-0E2C2E288936",
            "versionEndIncluding": "1.21b07"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dlink:dir-850l:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "607DDB44-0E4E-4606-8909-B624345688D4"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dlink:dir-850l_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DE9D7484-AB7F-4276-BAEF-C0D6AC698123",
            "versionEndIncluding": "2.21b01"
          },
          {
            "criteria": "cpe:2.3:o:dlink:dir-850l_firmware:2.22b02:beta:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "92FF706E-89F6-47BA-988D-A78B7AD1FAC0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dlink:dir-850l:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "607DDB44-0E4E-4606-8909-B624345688D4"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dlink:dir-880l_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9CF193C4-D65C-4708-83A4-7D1859B1E978",
            "versionEndIncluding": "1.07.b08"
          },
          {
            "criteria": "cpe:2.3:o:dlink:dir-880l_firmware:1.20b01:beta:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "678EA257-C88B-4447-A318-C2F799D57A46"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dlink:dir-880l:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "CC772491-6371-4712-B358-E74D9C5062FD"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References