CVE-2020-13787

Vulnerability

The D-Link DIR-865L Ax router with firmware version 1.20B01 Beta (released August 9, 2018) transmits sensitive information in cleartext over the network [1][2]. This vulnerability affects the administrative web interface and other services that handle credentials or session tokens without encryption.

Exploitation

An attacker with network access to the router's traffic (e.g., on the same local network or via a compromised upstream link) can passively sniff unencrypted communications. No authentication is required to capture the cleartext data. The attacker can use packet capture tools to intercept HTTP requests and responses containing sensitive information such as session cookies or administrative credentials.

Impact

Successful exploitation allows the attacker to obtain sensitive information, including session cookies and possibly administrative credentials. With these, the attacker can hijack an active administrative session, gaining unauthorized access to the router's management interface. This can lead to further compromise, such as file manipulation or command execution, as noted in the Unit42 report [1].

Mitigation

D-Link has released a beta patch (1.20B01 Beta) but the DIR-865L reached End of Support/End of Life on February 1, 2016 [2]. No further firmware updates are planned. Users are strongly recommended to replace the device with a supported model. As a workaround, avoid using the router for sensitive transactions and ensure it is isolated from untrusted networks.