An issue was discovered on D-Link DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices. The administrative password is stored in plaintext in the /tmp/csman/0 file. An attacker having a directory traversal (or LFI) can easily get full router access.
References
Link | Resource |
---|---|
http://sploit.tech/2018/10/12/D-Link.html | Exploit Third Party Advisory |
https://seclists.org/fulldisclosure/2018/Oct/36 | Exploit Mailing List Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
History
26 Apr 2023, 19:27
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:d-link:dwr-912_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:d-link:dwr-111:-:*:*:*:*:*:*:* cpe:2.3:o:d-link:dwr-712_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:d-link:dwr-116_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:d-link:dir-140l:-:*:*:*:*:*:*:* cpe:2.3:o:d-link:dir-140l_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:d-link:dwr-912:-:*:*:*:*:*:*:* cpe:2.3:o:d-link:dwr-512_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:d-link:dwr-921_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:d-link:dwr-512:-:*:*:*:*:*:*:* cpe:2.3:h:d-link:dwr-116:-:*:*:*:*:*:*:* cpe:2.3:h:d-link:dwr-712:-:*:*:*:*:*:*:* cpe:2.3:h:d-link:dir-640l:-:*:*:*:*:*:*:* cpe:2.3:o:d-link:dwr-111_firmware:*:*:*:*:*:*:*:* |
cpe:2.3:h:dlink:dwr-921:-:*:*:*:*:*:*:* cpe:2.3:o:dlink:dwr-111_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:dlink:dir-140l_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:dlink:dwr-712:-:*:*:*:*:*:*:* cpe:2.3:o:dlink:dwr-512_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:dlink:dir-140l:-:*:*:*:*:*:*:* cpe:2.3:h:dlink:dir-640l:-:*:*:*:*:*:*:* cpe:2.3:h:dlink:dwr-512:-:*:*:*:*:*:*:* cpe:2.3:o:dlink:dwr-921_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:dlink:dwr-116:-:*:*:*:*:*:*:* cpe:2.3:h:dlink:dwr-111:-:*:*:*:*:*:*:* cpe:2.3:o:dlink:dwr-712_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:dlink:dir-640l_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:dlink:dwr-116_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:dlink:dwr-912_firmware:*:*:*:*:*:*:*:* |
Information
Published : 2018-10-17 14:29
Updated : 2024-02-04 20:03
NVD link : CVE-2018-10824
Mitre link : CVE-2018-10824
CVE.ORG link : CVE-2018-10824
JSON object : View
Products Affected
dlink
- dwr-512_firmware
- dwr-912_firmware
- dwr-111
- dir-140l_firmware
- dir-140l
- dwr-712
- dwr-712_firmware
- dir-640l
- dwr-116_firmware
- dwr-921_firmware
- dwr-111_firmware
- dir-640l_firmware
- dwr-512
- dwr-116
- dwr-921