CVE-2020-13784

Vulnerability

CVE-2020-13784 affects D-Link DIR-865L hardware revision Ax running firmware version 1.20B01 Beta (released August 9, 2018). The router uses a pseudo-random number generator (PRNG) with a predictable seed, which undermines the randomness of numbers it produces. This vulnerability is present in the firmware and does not require any special configuration to be reachable.

Exploitation

An attacker with network access to the router can observe or infer outputs from the PRNG (for example, session tokens, cryptographic keys, or challenge values) and, knowing the weak seeding algorithm, predict future outputs. No authentication is required to exploit the weakness if the attacker can obtain even a few PRNG outputs through normal traffic analysis or previous interactions.

Impact

Successful exploitation allows an attacker to predict cryptographic material or session tokens generated by the router. This can lead to session hijacking, bypass of authentication mechanisms, or compromise of encrypted communications, ultimately exposing sensitive information or enabling further attacks against the device and its network.

Mitigation

D-Link released a beta patch (version 1.20B01 Beta) but the DIR-865L reached its End of Support / End of Life date on February 1, 2016. No further firmware updates are available. Users are strongly recommended to replace the device with a supported model. A workaround is not provided. This vulnerability is not listed on the CISA KEV as of the publication date. [1], [2]