CVE-2018-14081

Published: Oct 9, 2018Modified: Nov 21, 2024

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

An issue was discovered on D-Link DIR-809 A1 through 1.09, A2 through 1.11, and Guest Zone through 1.09 devices. Device passwords, such as the admin password and the WPA key, are stored in cleartext.

Affected (3)

Products: D Link: Dir 809 A1 Firmware, Dir 809 A2 Firmware, Dir 809 Guestzone Firmware

D Link

3 products

Dir 809 A1 Firmware

Dir 809 A2 Firmware

Dir 809 Guestzone Firmware

Configuration A

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
D Link Dir 809 A1 Firmware	Up to 1.09
D Link Dir 809 A2 Firmware	Up to 1.11
D Link Dir 809 Guestzone Firmware	Up to 1.09

Running on/with	Platform Versions
Dlink Dir 809	All versions

Related CWEs

CWE-522

Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

References (2)

https://blog.nivel4.com/investigaciones/nuevas-vulnerabilidades-en-router-d-link-permiten-tomar-control-remoto-del-dispositivo/

Source: cve@mitre.org

Third Party Advisory

https://blog.nivel4.com/investigaciones/nuevas-vulnerabilidades-en-router-d-link-permiten-tomar-control-remoto-del-dispositivo/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.