Lucene search

MitreCVE-2018-10824

HistoryOct 17, 2018 - 2:29 p.m.

CVE-2018-10824

2018-10-1714:29:00

CWE-522

CWE-22

mitre

web.nvd.nist.gov

cve

d-link

router

plaintext

admin password

security issue

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.4

Confidence

High

EPSS

0.28

Percentile

96.9%

JSON

An issue was discovered on D-Link DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices. The administrative password is stored in plaintext in the /tmp/csman/0 file. An attacker having a directory traversal (or LFI) can easily get full router access.

Affected configurations

Nvd

Node

dlinkdwr-116_firmwareRange≤1.06

AND

dlinkdwr-116Match-

Node

dlinkdir-140l_firmwareRange≤1.02

AND

dlinkdir-140lMatch-

Node

dlinkdir-640l_firmwareRange≤1.02

AND

dlinkdir-640lMatch-

Node

dlinkdwr-512_firmwareRange≤2.02

AND

dlinkdwr-512Match-

Node

dlinkdwr-712_firmwareRange≤2.02

AND

dlinkdwr-712Match-

Node

dlinkdwr-912_firmwareRange≤2.02

AND

dlinkdwr-921Match-

Node

dlinkdwr-921_firmwareRange≤2.02

AND

dlinkdwr-921Match-

Node

dlinkdwr-111_firmwareRange≤1.01

AND

dlinkdwr-111Match-

VendorProductVersionCPE
dlinkdwr-116_firmware*cpe:2.3:o:dlink:dwr-116_firmware:*:*:*:*:*:*:*:*
dlinkdwr-116-cpe:2.3:h:dlink:dwr-116:-:*:*:*:*:*:*:*
dlinkdir-140l_firmware*cpe:2.3:o:dlink:dir-140l_firmware:*:*:*:*:*:*:*:*
dlinkdir-140l-cpe:2.3:h:dlink:dir-140l:-:*:*:*:*:*:*:*
dlinkdir-640l_firmware*cpe:2.3:o:dlink:dir-640l_firmware:*:*:*:*:*:*:*:*
dlinkdir-640l-cpe:2.3:h:dlink:dir-640l:-:*:*:*:*:*:*:*
dlinkdwr-512_firmware*cpe:2.3:o:dlink:dwr-512_firmware:*:*:*:*:*:*:*:*
dlinkdwr-512-cpe:2.3:h:dlink:dwr-512:-:*:*:*:*:*:*:*
dlinkdwr-712_firmware*cpe:2.3:o:dlink:dwr-712_firmware:*:*:*:*:*:*:*:*
dlinkdwr-712-cpe:2.3:h:dlink:dwr-712:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dlink	dwr-116_firmware	*	cpe:2.3:o:dlink:dwr-116_firmware::::::::
dlink	dwr-116	-	cpe:2.3:h:dlink:dwr-116:-:::::::*
dlink	dir-140l_firmware	*	cpe:2.3:o:dlink:dir-140l_firmware::::::::
dlink	dir-140l	-	cpe:2.3:h:dlink:dir-140l:-:::::::*
dlink	dir-640l_firmware	*	cpe:2.3:o:dlink:dir-640l_firmware::::::::
dlink	dir-640l	-	cpe:2.3:h:dlink:dir-640l:-:::::::*
dlink	dwr-512_firmware	*	cpe:2.3:o:dlink:dwr-512_firmware::::::::
dlink	dwr-512	-	cpe:2.3:h:dlink:dwr-512:-:::::::*
dlink	dwr-712_firmware	*	cpe:2.3:o:dlink:dwr-712_firmware::::::::
dlink	dwr-712	-	cpe:2.3:h:dlink:dwr-712:-:::::::*