CWE
863
Advisory Published
Updated

CVE-2018-12103

First published: Thu Jul 05 2018(Updated: )

An issue was discovered on D-Link DIR-890L with firmware 1.21B02beta01 and earlier, DIR-885L/R with firmware 1.21B03beta01 and earlier, and DIR-895L/R with firmware 1.21B04beta04 and earlier devices (all hardware revisions). Due to the predictability of the /docs/captcha_(number).jpeg URI, being local to the network, but unauthenticated to the administrator's panel, an attacker can disclose the CAPTCHAs used by the access point and can elect to load the CAPTCHA of their choosing, leading to unauthorized login attempts to the access point.

Credit: cve@mitre.org

Affected SoftwareAffected VersionHow to fix
Dlink Dir-890l Firmware<=1.21b02beta01
Dlink Dir-890l
D-link Dir-885l\/r Firmware<=1.21b03beta01
D-link Dir-885\/r
D-link Dir-895l\/r Firmware<=1.21b04beta01
D-link Dir-895\/r

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Frequently Asked Questions

  • What is CVE-2018-12103?

    CVE-2018-12103 is a vulnerability discovered on D-Link DIR-890L, DIR-885L/R, and DIR-895L/R routers with specific firmware versions.

  • How severe is CVE-2018-12103?

    CVE-2018-12103 has a severity rating of 6.5 out of 10, which is considered medium.

  • Which devices are affected by CVE-2018-12103?

    D-Link DIR-890L, DIR-885L/R, and DIR-895L/R routers are affected by CVE-2018-12103 with specific firmware versions.

  • What is the impact of CVE-2018-12103?

    CVE-2018-12103 allows an attacker to bypass CAPTCHA authentication and gain unauthorized access to the router's administration interface.

  • How can I fix CVE-2018-12103?

    To mitigate CVE-2018-12103, update your router's firmware to a version that addresses the vulnerability.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203