CVE-2018-12103 - OpenCVE

An issue was discovered on D-Link DIR-890L with firmware 1.21B02beta01 and earlier, DIR-885L/R with firmware 1.21B03beta01 and earlier, and DIR-895L/R with firmware 1.21B04beta04 and earlier devices (all hardware revisions). Due to the predictability of the /docs/captcha_(number).jpeg URI, being local to the network, but unauthenticated to the administrator's panel, an attacker can disclose the CAPTCHAs used by the access point and can elect to load the CAPTCHA of their choosing, leading to unauthorized login attempts to the access point.

No CVSS v3.1

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:A/AC:L/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Dlink	Dir-890l Dir-890l Firmware
D-link	Dir-895l\/r Firmware Dir-885\/r Dir-885l\/r Firmware Dir-895\/r

Configuration 1 [-]

AND

cpe:2.3:o:dlink:dir-890l_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dir-890l:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:d-link:dir-885l\/r_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:d-link:dir-885\/r:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:d-link:dir-895l\/r_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:d-link:dir-895\/r:-:*:*:*:*:*:*:*

References

Link	Resource
http://seclists.org/fulldisclosure/2018/Jul/13	Mailing List Third Party Advisory
https://securityadvisories.dlink.com/announcement/publication.aspx?name=SAP10099	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2018-07-05T20:00:00

Updated: 2019-03-12T19:57:01

Reserved: 2018-06-11T00:00:00

Link: CVE-2018-12103

JSON object: View

NVD Information

Status : Analyzed

Published: 2018-07-05T20:29:00.433

Modified: 2023-04-26T19:27:52.350

Link: CVE-2018-12103

JSON object: View

Redhat Information

No data.

CWE

CWE-863

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-06-23T00:00:00", "descriptions": [{"lang": "en", "value": "An issue was discovered on D-Link DIR-890L with firmware 1.21B02beta01 and earlier, DIR-885L/R with firmware 1.21B03beta01 and earlier, and DIR-895L/R with firmware 1.21B04beta04 and earlier devices (all hardware revisions). Due to the predictability of the /docs/captcha_(number).jpeg URI, being local to the network, but unauthenticated to the administrator's panel, an attacker can disclose the CAPTCHAs used by the access point and can elect to load the CAPTCHA of their choosing, leading to unauthorized login attempts to the access point."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-03-12T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://securityadvisories.dlink.com/announcement/publication.aspx?name=SAP10099"}, {"name": "20180702 CVE-2018-12103", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2018/Jul/13"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-12103", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered on D-Link DIR-890L with firmware 1.21B02beta01 and earlier, DIR-885L/R with firmware 1.21B03beta01 and earlier, and DIR-895L/R with firmware 1.21B04beta04 and earlier devices (all hardware revisions). Due to the predictability of the /docs/captcha_(number).jpeg URI, being local to the network, but unauthenticated to the administrator's panel, an attacker can disclose the CAPTCHAs used by the access point and can elect to load the CAPTCHA of their choosing, leading to unauthorized login attempts to the access point."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://securityadvisories.dlink.com/announcement/publication.aspx?name=SAP10099", "refsource": "CONFIRM", "url": "https://securityadvisories.dlink.com/announcement/publication.aspx?name=SAP10099"}, {"name": "20180702 CVE-2018-12103", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2018/Jul/13"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-12103", "datePublished": "2018-07-05T20:00:00", "dateReserved": "2018-06-11T00:00:00", "dateUpdated": "2019-03-12T19:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dlink:dir-890l_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "5CFC03E5-D6C8-43CD-BD7B-9D15585CEF27", "versionEndIncluding": "1.21b02beta01", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dlink:dir-890l:-:*:*:*:*:*:*:*", "matchCriteriaId": "B1EA89C7-4655-43A3-9D2B-D57640D56C09", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:d-link:dir-885l\\/r_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C8174965-65C2-4C75-90A3-CC4E00AE6E4F", "versionEndIncluding": "1.21b03beta01", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:d-link:dir-885\\/r:-:*:*:*:*:*:*:*", "matchCriteriaId": "99E52143-C51C-4421-869A-A28A558888EF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:d-link:dir-895l\\/r_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D98B9837-9A7A-4B86-8C8F-FAE1EA7FDE55", "versionEndIncluding": "1.21b04beta01", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:d-link:dir-895\\/r:-:*:*:*:*:*:*:*", "matchCriteriaId": "B22F5799-66EB-4C0F-8071-9DB6EF10DE62", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "An issue was discovered on D-Link DIR-890L with firmware 1.21B02beta01 and earlier, DIR-885L/R with firmware 1.21B03beta01 and earlier, and DIR-895L/R with firmware 1.21B04beta04 and earlier devices (all hardware revisions). Due to the predictability of the /docs/captcha_(number).jpeg URI, being local to the network, but unauthenticated to the administrator's panel, an attacker can disclose the CAPTCHAs used by the access point and can elect to load the CAPTCHA of their choosing, leading to unauthorized login attempts to the access point."}, {"lang": "es", "value": "Se ha detectado un fallo en D-Link DIR-890L, con versiones de firmware 1.21B02beta01 y anteriores, en DIR-885L/R, con versiones de firmware 1.21B03beta01 y anteriores, y en DIR-895L/R, con versiones de firmware 1.21B04beta04 y anteriores (en todas las revisiones de hardware). Debido a la previsibilidad del URI /docs/captcha_(number).jpeg, siendo \u00e9sta local a la red pero autenticada en el panel de administrador, un atacante puede divulgar los CAPTCHA utilizados por el punto de acceso y puede elegir que se cargue el CAPTCHA de su elecci\u00f3n. Esto conduce a intentos de inicio de sesi\u00f3n no autorizados a dicho punto de acceso."}], "id": "CVE-2018-12103", "lastModified": "2023-04-26T19:27:52.350", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 3.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:A/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-07-05T20:29:00.433", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2018/Jul/13"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://securityadvisories.dlink.com/announcement/publication.aspx?name=SAP10099"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "nvd@nist.gov", "type": "Primary"}]}