D-Link has released a firmware update for the DAP-2020 wireless access point that fixes three vulnerabilities. Each of them could be exploited without any authentication by attackers on adjacent networks ("network-adjacent attackers"), either to execute code with root privileges (CVE-2021-27248, CVE-2021-27249, rated "High", CVSS score 8.8) or to read out stored access credentials (CVE-2021-27250, "Medium", 6.5).
Firmware versions up to and including v1.01 are affected by the vulnerabilities; D-Link has provided the hotfix v1.03rc002 and advises device owners to apply it quickly. The download link and further information are available in D-Link's advisory on the vulnerabilities in the DAP-2020.
Further information
The vulnerabilities were discovered by two security research teams; the responsible disclosure process was handled by the Zero Day Initiative (ZDI), which has published descriptions of the vulnerabilities. In addition, one of the teams pointed out in a detailed report a possible exploit chain combining CVE-2021-27249 and CVE-2021-27250, which could make unauthorized network access even easier.
(ovw)