CVE-2018-8898

A flaw in the authentication mechanism in the Login Panel of router D-Link DSL-3782 (A1_WI_20170303 || SWVer="V100R001B012" FWVer="3.10.0.24" FirmVer="TT_77616E6771696F6E67") allows unauthenticated attackers to perform arbitrary modification (read, write) to passwords and configurations meanwhile an administrator is logged into the web panel.
References
Link Resource
http://packetstormsecurity.com/files/147708/D-Link-DSL-3782-Authentication-Bypass.html Exploit Third Party Advisory VDB Entry
https://www.exploit-db.com/exploits/44657/ Exploit Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:dlink:dsl-3782_firmware:3.10.0.24:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dsl-3782:-:*:*:*:*:*:*:*

History

26 Apr 2023, 19:27

Type Values Removed Values Added
CPE cpe:2.3:o:d-link:dsl-3782_firmware:3.10.0.24:*:*:*:*:*:*:*
cpe:2.3:h:d-link:dsl-3782:-:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dsl-3782:-:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dsl-3782_firmware:3.10.0.24:*:*:*:*:*:*:*

Information

Published : 2018-05-23 16:29

Updated : 2024-02-04 19:46


NVD link : CVE-2018-8898

Mitre link : CVE-2018-8898

CVE.ORG link : CVE-2018-8898


JSON object : View

Products Affected

dlink

  • dsl-3782
  • dsl-3782_firmware
CWE
CWE-287

Improper Authentication