CVE-2018-5708

Published: Mar 30, 2018Modified: Nov 21, 2024

8.0

Vector

CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.1 / Impact: 5.9

Source: NVD

Description

An issue was discovered on D-Link DIR-601 B1 2.02NA devices. Being on the same local network as, but being unauthenticated to, the administrator's panel, a user can obtain the admin username and cleartext password in the response (specifically, the configuration file restore_default), which is displayed in XML.

Affected (1)

Products: Dlink: Dir 601 Firmware

1 product

Dir 601 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Dir 601 Firmware	Version 2.02na

Running on/with	Platform Versions
Dlink Dir 601	All versions

Related CWEs

Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

References (6)

http://seclists.org/fulldisclosure/2018/Mar/66

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://securityadvisories.dlink.com/announcement/publication.aspx?name=SAP10111

Source: cve@mitre.org

https://www.exploit-db.com/exploits/44388/

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://seclists.org/fulldisclosure/2018/Mar/66

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://securityadvisories.dlink.com/announcement/publication.aspx?name=SAP10111

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.exploit-db.com/exploits/44388/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.