CVE-2020-15896

CVSS v3 Score: 7.5 (High)
CVSS v2 Score: 5.0 (Medium)

Vulnerability Description

An authentication-bypass issue was discovered on D-Link DAP-1522 devices 1.4x before 1.10b04Beta02. A few pages, e.g., logout.php and login.php, are directly accessible by any unauthorized user. Access is decided by checking the value of NO_NEED_AUTH: if the value of NO_NEED_AUTH is 1, the user has direct access to the webpage without any authentication. By appending a query string NO_NEED_AUTH with the value of 1 to any protected URL, any unauthorized user can access the application directly, as demonstrated by bsc_lan.php?NO_NEED_AUTH=1.
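A detection sketch for the behaviour described above, added here as an example and not taken from D-Link or the CVE record. It assumes HTTP requests to the device are logged in Common Log Format by a proxy or network sensor; the function name, the log lines and the IP addresses are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Pages the description names as reachable without login.
PUBLIC_PAGES = {"/login.php", "/logout.php"}

# Common Log Format prefix: client, timestamp, request line, status.
# Assumption: requests to the device are logged in this format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def find_bypass_attempts(lines):
    """Return (ip, path, status) for requests that carry NO_NEED_AUTH=1
    in the query string of a page that is not meant to be public."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not in the expected format
        url = urlsplit(m["target"])
        # parse_qs percent-decodes keys and values, so the comparison
        # is made on the normalised parameter, not the raw bytes.
        params = parse_qs(url.query, keep_blank_values=True)
        if "1" not in params.get("NO_NEED_AUTH", []):
            continue
        if url.path in PUBLIC_PAGES:
            continue  # parameter has no effect on already-public pages
        hits.append((m["ip"], url.path, int(m["status"])))
    return hits

# Constructed sample log lines (documentation IP ranges).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Aug/2020:10:00:01 +0000] "GET /login.php HTTP/1.1" 200 1523',
    '192.0.2.10 - - [01/Aug/2020:10:00:05 +0000] "GET /bsc_lan.php HTTP/1.1" 302 0',
    '198.51.100.7 - - [01/Aug/2020:10:02:11 +0000] "GET /bsc_lan.php?NO_NEED_AUTH=1 HTTP/1.1" 200 4096',
    '198.51.100.7 - - [01/Aug/2020:10:02:15 +0000] "GET /bsc_lan.php?x=2&NO_NEED_AUTH=%31 HTTP/1.1" 200 4096',
    '203.0.113.5 - - [01/Aug/2020:10:03:00 +0000] "GET /login.php?NO_NEED_AUTH=1 HTTP/1.1" 200 1523',
]

if __name__ == "__main__":
    for ip, path, status in find_bypass_attempts(SAMPLE_LOG):
        print(f"{ip} requested {path} with NO_NEED_AUTH=1 (HTTP {status})")
```

A 200 response on a flagged request means the protected page was served; on fixed firmware the same request should be redirected to the login page or rejected.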

CVSS:7.5(High)

TCP firewalls could be circumvented by sending SYN packets with other flags (e.g., the RST flag) set, which were not correctly discarded by the Linux TCP stack after firewalling.

CVSS:7.5(High)

lib/crypto/c_src/crypto_drv.c in erlang does not properly check the return value from the OpenSSL DSA_do_verify function, which might allow remote attackers to bypass validation of the certificate cha...

CVSS:7.5(High)

A vulnerability in the Cisco ASA that could allow a remote attacker to successfully authenticate using the Cisco AnyConnect VPN client if the Secondary Authentication type is LDAP and the password is ...

CVSS:7.5(High)

In Arial Campaign Enterprise before 11.0.551, multiple pages are accessible without authentication or authorization.

CVSS:7.5(High)

Authentication bypass vulnerability in the web interface in Hunt CCTV, Capture CCTV, Hachi CCTV, NoVus CCTV, and Well-Vision Inc DVR systems allows a remote attacker to retrieve the device configu...

CVSS:7.5(High)

A Security Bypass vulnerability exists in Zavio IP Cameras through 1.6.3 because the RTSP protocol authentication is disabled by default, which could let a malicious user obtain unauthorized access to...