What this actually is.
Technical background, root cause, and affected surface.
The DLink Router DIR-895L MFC v1.21b05 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and to extract sensitive data.
- Vendor
- D-Link
- Affected Product
- D-Link Router DIR-895L MFC
- CVE
- CVE-2020-29324
- Securin ID
- 2020-CSW-08-1048
- Status
- Fixed
- Date
- August 17, 2021
- Severity
- High
- CVSS Score
- 7.5
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- CWE
- CWE-312
From one request
to root shell.
Reproduced in a sandboxed environment. Requires only LAN or WiFi adjacency.
Issues: The telnet hardcoded default credentials are the vulnerable elements in the firmware of DIR-868L.
What an attacker does to you.
Post-exploitation outcomes mapped to CVSS impact metrics.
A successful exploit could allow the attacker to gain access to the firmware and to extract sensitive data.
Fix it. In this order.
A runbook, not a checklist. Sequence matters — assume compromise before you act.
D-Link released a support announcement in response to the recommendations provided by CSW team for these D-Link products – https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10189
disclose@securin.ioVendors moved in days.
Attackers in hours.
Reconstructed from vendor advisories, CISA bulletins, and Securin research records.
Discovered in our research lab
Vulnerability reported to vendor and vendor acknowledged the vulnerability
Vendor responded saying “elevated to D-Link Corporation”.
Follow up
Vendor responded saying “should have an update in next few Days”
Follow up
Vendor responded saying need more time to review and response from R&D
Vendor responded with a support announcement.
Timeline recorded · Disclosure coordinated by Securin
Cite, verify, go deeper.
Primary sources — NVD, CISA KEV, and machine-readable IoC feed.