CVE-2018-12103

An issue was discovered on D-Link DIR-890L with firmware 1.21B02beta01 and earlier, DIR-885L/R with firmware 1.21B03beta01 and earlier, and DIR-895L/R with firmware 1.21B04beta04 and earlier devices (all hardware revisions). Due to the predictability of the /docs/captcha_(number).jpeg URI, being local to the network, but unauthenticated to the administrator's panel, an attacker can disclose the CAPTCHAs used by the access point and can elect to load the CAPTCHA of their choosing, leading to unauthorized login attempts to the access point.

CVSS v3 6.5 MEDIUM
CVSS v2.0 3.3 LOW

6.5^/10

CVSS v3 : MEDIUM

Vector : AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability : 2.8 / Impact : 3.6

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

3.3^/10

CVSS v2.0 : LOW

Vector : AV:A/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 6.5 / Impact : 2.9

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://seclists.org/fulldisclosure/2018/Jul/13	Mailing List Third Party Advisory
https://securityadvisories.dlink.com/announcement/publication.aspx?name=SAP10099	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:dlink:dir-890l_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dir-890l:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:d-link:dir-885l\/r_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:d-link:dir-885\/r:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:d-link:dir-895l\/r_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:d-link:dir-895\/r:-:*:*:*:*:*:*:*

History

26 Apr 2023, 19:27

Type	Values Removed	Values Added
CPE	cpe:2.3:o:d-link:dir-890l_firmware:::::::: cpe:2.3:h:d-link:dir-890l:-:::::::*	cpe:2.3:o:dlink:dir-890l_firmware:::::::: cpe:2.3:h:dlink:dir-890l:-:::::::*

Information

Published : 2018-07-05 20:29

Updated : 2024-02-04 19:46

NVD link : CVE-2018-12103

Mitre link : CVE-2018-12103

CVE.ORG link : CVE-2018-12103

JSON object : View

Products Affected

d-link

dir-885\/r
dir-895l\/r_firmware
dir-895\/r
dir-885l\/r_firmware

dlink

dir-890l
dir-890l_firmware

CWE

CWE-863

Incorrect Authorization

{"id": "CVE-2018-12103", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.3, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2018-07-05T20:29:00.433", "references": [{"url": "http://seclists.org/fulldisclosure/2018/Jul/13", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://securityadvisories.dlink.com/announcement/publication.aspx?name=SAP10099", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-863"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered on D-Link DIR-890L with firmware 1.21B02beta01 and earlier, DIR-885L/R with firmware 1.21B03beta01 and earlier, and DIR-895L/R with firmware 1.21B04beta04 and earlier devices (all hardware revisions). Due to the predictability of the /docs/captcha_(number).jpeg URI, being local to the network, but unauthenticated to the administrator's panel, an attacker can disclose the CAPTCHAs used by the access point and can elect to load the CAPTCHA of their choosing, leading to unauthorized login attempts to the access point."}, {"lang": "es", "value": "Se ha detectado un fallo en D-Link DIR-890L, con versiones de firmware 1.21B02beta01 y anteriores, en DIR-885L/R, con versiones de firmware 1.21B03beta01 y anteriores, y en DIR-895L/R, con versiones de firmware 1.21B04beta04 y anteriores (en todas las revisiones de hardware). Debido a la previsibilidad del URI /docs/captcha_(number).jpeg, siendo \u00e9sta local a la red pero autenticada en el panel de administrador, un atacante puede divulgar los CAPTCHA utilizados por el punto de acceso y puede elegir que se cargue el CAPTCHA de su elecci\u00f3n. Esto conduce a intentos de inicio de sesi\u00f3n no autorizados a dicho punto de acceso."}], "lastModified": "2023-04-26T19:27:52.350", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dlink:dir-890l_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5CFC03E5-D6C8-43CD-BD7B-9D15585CEF27", "versionEndIncluding": "1.21b02beta01"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dlink:dir-890l:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B1EA89C7-4655-43A3-9D2B-D57640D56C09"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:d-link:dir-885l\\/r_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C8174965-65C2-4C75-90A3-CC4E00AE6E4F", "versionEndIncluding": "1.21b03beta01"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:d-link:dir-885\\/r:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "99E52143-C51C-4421-869A-A28A558888EF"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:d-link:dir-895l\\/r_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D98B9837-9A7A-4B86-8C8F-FAE1EA7FDE55", "versionEndIncluding": "1.21b04beta01"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:d-link:dir-895\\/r:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B22F5799-66EB-4C0F-8071-9DB6EF10DE62"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}