Information disclosure in D-Link routers
| Risk | Low |
| Patch available | NO |
| Number of vulnerabilities | 3 |
| CVE-ID | CVE-2018-18009 CVE-2018-18008 CVE-2018-18007 |
| CWE-ID | CWE-200 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
DIR-140L Hardware solutions / Routers & switches, VoIP, GSM, etc DIR-640L Hardware solutions / Routers & switches, VoIP, GSM, etc DSL-2770L Hardware solutions / Routers for home users DWR-921 Hardware solutions / Routers for home users DWR-512 Hardware solutions / Routers for home users DWR-116 Hardware solutions / Routers for home users DWR-555 Hardware solutions / Routers for home users |
| Vendor | D-Link |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
1) Information disclosure
EUVDB-ID: #VU16706
Risk: Low
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-18009
CWE-ID:
CWE-200 - Exposure of sensitive information to an unauthorized actor
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to unspecified flaw. A remote attack can obtain clear text password of user admin at the line: gosave_ok = ("__password__".length < 6)?true:false.
Cybersecurity Help is currently unaware of any official solution to address the vulnerability.
Vulnerable software versionsDIR-140L: 1.02
DIR-640L: 1.02RU
CPE2.3 External linkshttps://seclists.org/fulldisclosure/2018/Dec/46
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Information disclosure
EUVDB-ID: #VU16707
Risk: Low
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-18008
CWE-ID:
CWE-200 - Exposure of sensitive information to an unauthorized actor
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to unspecified flaw. A remote attack can obtain clear text password of user admin at the line: xxx="__password__";.
Cybersecurity Help is currently unaware of any official solution to address the vulnerability.
Vulnerable software versionsDIR-140L: 1.00 - 1.02
DIR-640L: 1.00 - 1.02RU
DSL-2770L: ME_1.01 - AU_1.06
DWR-921: 1.03 - 2.02
DWR-512: 1.03 - 2.02
DWR-116: 1.03 - 2.02
DWR-555: 1.03 - 2.02
CPE2.3- cpe:2.3:h:d-link:dir-140l:1.00:*:*:*:*:*:*:*
- cpe:2.3:h:d-link:dir-140l:1.01RU:*:*:*:*:*:*:*
- cpe:2.3:h:d-link:dir-140l:1.02:*:*:*:*:*:*:*
- cpe:2.3:h:d-link:dir-640l:1.00:*:*:*:*:*:*:*
- cpe:2.3:h:d-link:dir-640l:1.01RU:*:*:*:*:*:*:*
- cpe:2.3:h:d-link:dir-640l:1.02:*:*:*:*:*:*:*
- cpe:2.3:h:d-link:dsl-2770l:ME_1.01:*:*:*:*:*:*:*
- cpe:2.3:h:d-link:dsl-2770l:ME_1.02:*:*:*:*:*:*:*
- cpe:2.3:h:d-link:dsl-2770l:AU_1.06:*:*:*:*:*:*:*
- cpe:2.3:h:d-link:dwr-921:1.03:*:*:*:*:*:*:*
- cpe:2.3:h:d-link:dwr-512:1.03:*:*:*:*:*:*:*
- cpe:2.3:h:d-link:dwr-116:1.03:*:*:*:*:*:*:*
- cpe:2.3:h:d-link:dwr-555:1.03:*:*:*:*:*:*:*
https://seclists.org/fulldisclosure/2018/Dec/45
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Information disclosure
EUVDB-ID: #VU16708
Risk: Low
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-18007
CWE-ID:
CWE-200 - Exposure of sensitive information to an unauthorized actor
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to unspecified flaw. A remote attack can obtain clear text password of user admin at the line: else if(ff.curpd.value != "__password__") location="atbox_pd.htm".
Cybersecurity Help is currently unaware of any official solution to address the vulnerability.
Vulnerable software versionsDSL-2770L: ME_1.01 - AU_1.06
CPE2.3- cpe:2.3:h:d-link:dsl-2770l:ME_1.01:*:*:*:*:*:*:*
- cpe:2.3:h:d-link:dsl-2770l:ME_1.02:*:*:*:*:*:*:*
- cpe:2.3:h:d-link:dsl-2770l:AU_1.06:*:*:*:*:*:*:*
https://seclists.org/fulldisclosure/2018/Dec/38
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
