CVE-2020-15894

N/A

An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. There exists an exposed administration function in getcfg.php, which can be used to call various services. It can be utilized by an attacker to retrieve various sensitive information, such as admin login credentials, by setting the value of _POST_SERVICES in the query string to DEVICE.ACCOUNT.

N/A

N/A

DIR-816L 访问控制错误漏洞

D-Link DIR-816L是中国友讯（D-Link）公司的一款无线路由器。 D-Link DIR-816L 2.x版本至1.10b04Beta02之前版本存在访问控制错误漏洞。攻击者利用该漏洞检索各种敏感信息，例如管理员登录凭据。

N/A

N/A