An issue was discovered on D-Link DIR-601 B1 2.02NA devices. Being on the same local network as, but being unauthenticated to, the administrator's panel, a user can obtain the admin username and cleartext password in the response (specifically, the configuration file restore_default), which is displayed in XML.
References
Link | Resource |
---|---|
http://seclists.org/fulldisclosure/2018/Mar/66 | Mailing List Third Party Advisory |
https://securityadvisories.dlink.com/announcement/publication.aspx?name=SAP10111 | |
https://www.exploit-db.com/exploits/44388/ | Third Party Advisory VDB Entry |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2018-03-30T21:00:00
Updated: 2019-04-11T20:09:07
Reserved: 2018-01-16T00:00:00
Link: CVE-2018-5708
JSON object: View
NVD Information
Status : Modified
Published: 2018-03-30T21:29:01.870
Modified: 2019-10-03T00:03:26.223
Link: CVE-2018-5708
JSON object: View
Redhat Information
No data.
CWE