CVE-2018-18008

Published: Dec 21, 2018Modified: Nov 21, 2024

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

spaces.htm on multiple D-Link devices (DSL, DIR, DWR) allows remote unauthenticated attackers to discover admin credentials.

Affected (25)

Products: Dlink: Dsl 2770l Firmware, Dir 140l Firmware, Dir 640l Firmware, Dwr 116 Firmware, Dwr 512 Firmware, Dwr 555 Firmware, Dwr 921 Firmware

7 products

Configuration A

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Dsl 2770l Firmware	Version me_1.01
Dlink Dsl 2770l Firmware	Version me_1.02
Dlink Dsl 2770l Firmware	Version me_1.06

Running on/with	Platform Versions
Dlink Dsl 2770l	All versions

Configuration B

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Dir 140l Firmware	Version 1.00
Dlink Dir 140l Firmware	Version 1.01ru
Dlink Dir 140l Firmware	Version 1.02

Running on/with	Platform Versions
Dlink Dir 140l	All versions

Configuration C

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Dir 640l Firmware	Version 1.00
Dlink Dir 640l Firmware	Version 1.01ru
Dlink Dir 640l Firmware	Version 1.02

Running on/with	Platform Versions
Dlink Dir 640l	All versions

Configuration D

4 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Dwr 116 Firmware	Version 1.03
Dlink Dwr 116 Firmware	Version 1.05
Dlink Dwr 116 Firmware	Version 2.01
Dlink Dwr 116 Firmware	Version 2.02

Running on/with	Platform Versions
Dlink Dwr 116	All versions

Configuration E

4 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Dwr 512 Firmware	Version 1.03
Dlink Dwr 512 Firmware	Version 1.05
Dlink Dwr 512 Firmware	Version 2.01
Dlink Dwr 512 Firmware	Version 2.02

Running on/with	Platform Versions
Dlink Dwr 512	All versions

Configuration F

4 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Dwr 555 Firmware	Version 1.03
Dlink Dwr 555 Firmware	Version 1.05
Dlink Dwr 555 Firmware	Version 2.01
Dlink Dwr 555 Firmware	Version 2.02

Running on/with	Platform Versions
Dlink Dwr 555	All versions

Configuration G

4 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Dwr 921 Firmware	Version 1.03
Dlink Dwr 921 Firmware	Version 1.05
Dlink Dwr 921 Firmware	Version 2.01
Dlink Dwr 921 Firmware	Version 2.02

Running on/with	Platform Versions
Dlink Dwr 921	All versions

Related CWEs

CWE-798

Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

References (4)

http://seclists.org/fulldisclosure/2018/Dec/45

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://www.securityfocus.com/bid/106344

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://seclists.org/fulldisclosure/2018/Dec/45

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://www.securityfocus.com/bid/106344

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.