SB2018122601 - Information disclosure in D-Link routers

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2018122601

SB2018122601 - Information disclosure in D-Link routers

Published: December 26, 2018

Security Bulletin ID SB2018122601
Severity
Low
Patch available
NO
Number of vulnerabilities 3
Exploitation vector Remote access
Highest impact Information disclosure

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 3 secuirty vulnerabilities.


1) Information disclosure (CVE-ID: CVE-2018-18009)

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to unspecified flaw. A remote attack can obtain clear text password of user admin at the line: gosave_ok = ("__password__".length < 6)?true:false.

2) Information disclosure (CVE-ID: CVE-2018-18008)

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to unspecified flaw. A remote attack can obtain clear text password of user admin at the line: xxx="__password__";.

3) Information disclosure (CVE-ID: CVE-2018-18007)

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to unspecified flaw. A remote attack can obtain clear text password of user admin at the line: else if(ff.curpd.value != "__password__") location="atbox_pd.htm".

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References