fkie_cve-2018-10824
Vulnerability from fkie_nvd
Published
2018-10-17 14:29
Modified
2024-11-21 03:42
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
An issue was discovered on D-Link DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices. The administrative password is stored in plaintext in the /tmp/csman/0 file. An attacker having a directory traversal (or LFI) can easily get full router access.
References
cve@mitre.orghttp://sploit.tech/2018/10/12/D-Link.htmlExploit, Third Party Advisory
cve@mitre.orghttps://seclists.org/fulldisclosure/2018/Oct/36Exploit, Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://sploit.tech/2018/10/12/D-Link.htmlExploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://seclists.org/fulldisclosure/2018/Oct/36Exploit, Mailing List, Third Party Advisory
Impacted products
Vendor Product Version
dlink dwr-116_firmware *
dlink dwr-116 -
dlink dir-140l_firmware *
dlink dir-140l -
dlink dir-640l_firmware *
dlink dir-640l -
dlink dwr-512_firmware *
dlink dwr-512 -
dlink dwr-712_firmware *
dlink dwr-712 -
dlink dwr-912_firmware *
dlink dwr-921 -
dlink dwr-921_firmware *
dlink dwr-921 -
dlink dwr-111_firmware *
dlink dwr-111 -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dwr-116_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B75F8993-E3DE-4E8E-A202-F65B73BCBE4B",
              "versionEndIncluding": "1.06",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dwr-116:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B307E277-9C31-4D69-B4E2-4FE28B2E2AE3",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dir-140l_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB18157B-E01A-436D-BE12-67F98EED68E3",
              "versionEndIncluding": "1.02",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dir-140l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB31E266-B075-42EA-891D-B4EB8E800091",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dir-640l_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5749C6C-2149-4BE0-971D-B01897BEC22D",
              "versionEndIncluding": "1.02",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dir-640l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "420C6BC9-082D-47D7-9612-553B3B8EEBBA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dwr-512_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "41CAC2C7-FAC8-48DA-B28E-8112209B8898",
              "versionEndIncluding": "2.02",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dwr-512:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "90DE6771-50FB-492D-B931-193BB9286B52",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dwr-712_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB35A612-8DBD-46BD-80C5-4CA982D414C6",
              "versionEndIncluding": "2.02",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dwr-712:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F45AFE88-4369-4CD5-BFC0-69AF3DF0A77A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dwr-912_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "37FEC076-CCD2-4153-9E49-50F6BE0E4F8E",
              "versionEndIncluding": "2.02",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dwr-921:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "43F0390E-B9E1-463A-A08C-B529778EE72F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dwr-921_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "98B01219-1B35-45CF-AD67-53E59C5A2C99",
              "versionEndIncluding": "2.02",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dwr-921:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "43F0390E-B9E1-463A-A08C-B529778EE72F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dwr-111_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "16948147-16DB-4365-A4EC-3F5B4298B564",
              "versionEndIncluding": "1.01",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dwr-111:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3B810AA-0D3A-439F-8AD9-D42CB368343B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered on D-Link DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices. The administrative password is stored in plaintext in the /tmp/csman/0 file. An attacker having a directory traversal (or LFI) can easily get full router access."
    },
    {
      "lang": "es",
      "value": "Se ha descubierto un problema en dispositivos D-Link DWR-116 hasta la versi\u00f3n 1.06, DIR-140L hasta la versi\u00f3n 1.02, DWR-512 hasta la versi\u00f3n 2.02, DWR-712 hasta la versi\u00f3n 2.02, DWR-912 hasta la versi\u00f3n 2.02, DWR-921 hasta la versi\u00f3n 2.02 y DWR-111 hasta la versi\u00f3n 1.01. La contrase\u00f1a administrativa se almacena en texto plano en el archivo /tmp/csman/0. Un atacante que tenga un salto de directorio (o LFI) puede obtener f\u00e1cilmente el acceso total al router."
    }
  ],
  "id": "CVE-2018-10824",
  "lastModified": "2024-11-21T03:42:05.830",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-10-17T14:29:00.930",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "http://sploit.tech/2018/10/12/D-Link.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/fulldisclosure/2018/Oct/36"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "http://sploit.tech/2018/10/12/D-Link.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/fulldisclosure/2018/Oct/36"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        },
        {
          "lang": "en",
          "value": "CWE-522"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.