Full Disclosure mailing list archives
CVE-2018-5708
From: Kevin R <krandall2013 () gmail com>
Date: Wed, 28 Mar 2018 14:13:52 -0400
Hello Seclists:

Attached is my writeup for the following CVE: CVE-2018-5708

An issue was discovered on D-Link DIR-601 B1 2.02NA devices. Being on the same local network as, but being unauthenticated to, the administrator's panel, a user can obtain the admin username and cleartext password in the response (specifically, the configuration file restore_default), which is displayed in XML.

------------------------------------------

[Additional Information]
I have been in contact with William Brown, CISO of D-Link. He and his team have confirmed the vulnerability and are working on a patch to address the issue. Proof of concept exists along with the email communication with William Brown if necessary. William Brown has confirmed this is a new vulnerability/finding as well.

------------------------------------------

[VulnerabilityType Other]
Unauthenticated Admin username and password in cleartext response via XML

------------------------------------------

[Vendor of Product]
D-Link

------------------------------------------

[Affected Product Code Base]
D-Link DIR-601 - 2.02NA Hardware Version B1

------------------------------------------

[Affected Component]
The affected component is the configuration file restore_default which leaks the admin username, password along with other device information configuration information.

------------------------------------------

[Attack Type]
Local

------------------------------------------

[Impact Information Disclosure]
true

------------------------------------------

[Attack Vectors]
To exploit the vulnerability, a user must be on the local network but unauthenticated to the admin page.

------------------------------------------

[Reference]
https://www.dlink.com

------------------------------------------

[Has vendor confirmed or acknowledged the vulnerability?]
true

------------------------------------------

[Discoverer]
Kevin Randal