Misconfigured FTP Service on D-Link DSL-2888A Devices Allows Unauthorized Access to System Files

Misconfigured FTP Service on D-Link DSL-2888A Devices Allows Unauthorized Access to System Files

CVE-2020-24578 · MEDIUM Severity

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. It has a misconfigured FTP service that allows a malicious network user to access system folders and download sensitive files (such as the password hash file).

Learn more about our Network Penetration Testing.