CVE-2018-10824

An issue was discovered on D-Link DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices. The administrative password is stored in plaintext in the /tmp/csman/0 file. An attacker having a directory traversal (or LFI) can easily get full router access.
References
Link Resource
http://sploit.tech/2018/10/12/D-Link.html Exploit Third Party Advisory
https://seclists.org/fulldisclosure/2018/Oct/36 Exploit Mailing List Third Party Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:dlink:dwr-116_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dwr-116:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:dlink:dir-140l_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-140l:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:dlink:dir-640l_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-640l:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:dlink:dwr-512_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dwr-512:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:dlink:dwr-712_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dwr-712:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:dlink:dwr-912_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dwr-921:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:dlink:dwr-921_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dwr-921:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:dlink:dwr-111_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dwr-111:-:*:*:*:*:*:*:*

History

26 Apr 2023, 19:27

Type Values Removed Values Added
CPE cpe:2.3:o:d-link:dir-640l_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:d-link:dwr-912_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:d-link:dwr-111:-:*:*:*:*:*:*:*
cpe:2.3:o:d-link:dwr-712_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:d-link:dwr-116_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:d-link:dir-140l:-:*:*:*:*:*:*:*
cpe:2.3:o:d-link:dir-140l_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:d-link:dwr-912:-:*:*:*:*:*:*:*
cpe:2.3:o:d-link:dwr-512_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:d-link:dwr-921_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:d-link:dwr-512:-:*:*:*:*:*:*:*
cpe:2.3:h:d-link:dwr-116:-:*:*:*:*:*:*:*
cpe:2.3:h:d-link:dwr-712:-:*:*:*:*:*:*:*
cpe:2.3:h:d-link:dir-640l:-:*:*:*:*:*:*:*
cpe:2.3:o:d-link:dwr-111_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dwr-921:-:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dwr-111_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-140l_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dwr-712:-:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dwr-512_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-140l:-:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-640l:-:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dwr-512:-:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dwr-921_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dwr-116:-:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dwr-111:-:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dwr-712_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-640l_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dwr-116_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dwr-912_firmware:*:*:*:*:*:*:*:*

Information

Published : 2018-10-17 14:29

Updated : 2024-02-04 20:03


NVD link : CVE-2018-10824

Mitre link : CVE-2018-10824

CVE.ORG link : CVE-2018-10824


JSON object : View

Products Affected

dlink

  • dwr-512_firmware
  • dwr-912_firmware
  • dwr-111
  • dir-140l_firmware
  • dir-140l
  • dwr-712
  • dwr-712_firmware
  • dir-640l
  • dwr-116_firmware
  • dwr-921_firmware
  • dwr-111_firmware
  • dir-640l_firmware
  • dwr-512
  • dwr-116
  • dwr-921
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-522

Insufficiently Protected Credentials