CVE-2020-13783

Vulnerability

The D-Link DIR-865L router running firmware version 1.20B01 Beta (Ax hardware revision) stores sensitive information in cleartext [1][2]. This includes credentials, session tokens, or other confidential data that should be encrypted. The vulnerability exists in the firmware's storage mechanism, affecting all devices with this firmware version. The product reached End of Life on February 1, 2016, but a beta patch was released [2].

Exploitation

An attacker with local network access or physical access to the device can retrieve the cleartext data from the router's filesystem or memory. No authentication is required if the attacker can access the storage directly. The Unit42 report notes that these vulnerabilities can be chained; for example, sniffing network traffic could steal session cookies [1]. However, for this specific CVE, the exploitation involves reading stored files that contain sensitive information in plaintext.

Impact

Successful exploitation leads to disclosure of sensitive information such as administrative credentials, Wi-Fi passwords, or session tokens. This can enable further attacks, including unauthorized access to the router's administrative interface, file sharing, and command execution [1]. The attacker gains the ability to compromise the router and potentially the network.

Mitigation

D-Link has released a beta patch (version 1.20B01 Beta) but the product is End of Life and no further updates are planned [2]. Users are strongly recommended to upgrade to a supported router model. As a workaround, restrict physical and network access to the device, and change default credentials. The Palo Alto Networks Next-Generation Firewalls with threat prevention provide protection with custom signatures [1].