Information disclosure in D-Link routers
| Risk | Low |
| Patch available | NO |
| Number of vulnerabilities | 3 |
| CVE-ID | CVE-2018-18009 CVE-2018-18008 CVE-2018-18007 |
| CWE-ID | CWE-200 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
DIR-140L Hardware solutions / Routers & switches, VoIP, GSM, etc DIR-640L Hardware solutions / Routers & switches, VoIP, GSM, etc DSL-2770L Hardware solutions / Routers for home users DWR-921 Hardware solutions / Routers for home users DWR-512 Hardware solutions / Routers for home users DWR-116 Hardware solutions / Routers for home users DWR-555 Hardware solutions / Routers for home users |
| Vendor | D-Link |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
1) Information disclosure
EUVDB-ID: #VU16706
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2018-18009
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to unspecified flaw. A remote attack can obtain clear text password of user admin at the line: gosave_ok = ("__password__".length < 6)?true:false.
Cybersecurity Help is currently unaware of any official solution to address the vulnerability.
Vulnerable software versionsDIR-140L: 1.02 - 1.02
DIR-640L: 1.02RU - 1.02RU
CPE2.3 External linkshttp://seclists.org/fulldisclosure/2018/Dec/46
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
2) Information disclosure
EUVDB-ID: #VU16707
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2018-18008
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to unspecified flaw. A remote attack can obtain clear text password of user admin at the line: xxx="__password__";.
Cybersecurity Help is currently unaware of any official solution to address the vulnerability.
Vulnerable software versionsDIR-140L: 1.00 - 1.02
DIR-640L: 1.00 - 1.02RU
DSL-2770L: AU_1.06 - ME_1.02
DWR-921: 1.03 - 2.02
DWR-512: 1.03 - 2.02
DWR-116: 1.03 - 2.02
DWR-555: 1.03 - 2.02
CPE2.3 External linkshttp://seclists.org/fulldisclosure/2018/Dec/45
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
3) Information disclosure
EUVDB-ID: #VU16708
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2018-18007
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to unspecified flaw. A remote attack can obtain clear text password of user admin at the line: else if(ff.curpd.value != "__password__") location="atbox_pd.htm".
Cybersecurity Help is currently unaware of any official solution to address the vulnerability.
Vulnerable software versionsDSL-2770L: AU_1.06 - ME_1.02
CPE2.3 External linkshttp://seclists.org/fulldisclosure/2018/Dec/38
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
