CVE-2018-10824: Path Traversal
First published: Wed Oct 17 2018(Updated: )
An issue was discovered on D-Link DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices. The administrative password is stored in plaintext in the /tmp/csman/0 file. An attacker having a directory traversal (or LFI) can easily get full router access.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| D-Link DWR-116 Firmware | <=1.06 | |
| D-Link DWR-116 | ||
| D-Link DIR-140L Firmware | <=1.02 | |
| D-Link DIR-140L | ||
| D-Link DIR-640L Firmware | <=1.02 | |
| D-Link DIR-640L | ||
| D-Link DWR-512 Firmware | <=2.02 | |
| D-Link DWR-512 | ||
| D-Link DWR-712 firmware | <=2.02 | |
| D-Link DWR-712 firmware | ||
| D-Link DWR-912 Firmware | <=2.02 | |
| D-Link DWR-921 Firmware | ||
| D-Link DWR-921 Firmware | <=2.02 | |
| D-Link DWR-921 | ||
| D-Link DWR-111 Firmware | <=1.01 | |
| dlink DWR-111 firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-10824?
CVE-2018-10824 has a medium severity level due to the exposure of administrative passwords.
How do I fix CVE-2018-10824?
To fix CVE-2018-10824, it is recommended to update the affected D-Link device firmware to the latest version.
Which D-Link devices are affected by CVE-2018-10824?
CVE-2018-10824 affects various D-Link devices including DWR-116, DIR-140L, DIR-640L, DWR-512, DWR-712, DWR-912, DWR-921, and DWR-111.
What kind of data is compromised in CVE-2018-10824?
CVE-2018-10824 compromises administrative passwords that are stored in plaintext.
What should I do if I am using an affected D-Link device and cannot update?
If you are unable to update your affected D-Link device, it is critical to change the default administrative password and limit device exposure to the internet.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- agent/author
- vendor/dlink
- canonical/d-link dwr-116 firmware
- version/d-link dwr-116 firmware/1.06
- canonical/d-link dwr-116
- canonical/d-link dir-140l firmware
- version/d-link dir-140l firmware/1.02
- canonical/d-link dir-140l
- canonical/d-link dir-640l firmware
- version/d-link dir-640l firmware/1.02
- canonical/d-link dir-640l
- canonical/d-link dwr-512 firmware
- version/d-link dwr-512 firmware/2.02
- canonical/d-link dwr-512
- canonical/d-link dwr-712 firmware
- version/d-link dwr-712 firmware/2.02
- canonical/d-link dwr-912 firmware
- version/d-link dwr-912 firmware/2.02
- vendor/d-link
- canonical/d-link dwr-921 firmware
- version/d-link dwr-921 firmware/2.02
- canonical/d-link dwr-921
- canonical/d-link dwr-111 firmware
- version/d-link dwr-111 firmware/1.01
- canonical/dlink dwr-111 firmware