First published: Thu Jul 05 2018
An issue was discovered on D-Link DIR-890L with firmware 1.21B02beta01 and earlier, DIR-885L/R with firmware 1.21B03beta01 and earlier, and DIR-895L/R with firmware 1.21B04beta04 and earlier devices (all hardware revisions). Because the /docs/captcha_(number).jpeg URI is predictable and is reachable from the local network without authenticating to the administrator's panel, an attacker can disclose the CAPTCHAs used by the access point and can elect to load the CAPTCHA of their choosing, leading to unauthorized login attempts to the access point.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Dlink Dir-890l Firmware | <=1.21b02beta01 | |
Dlink Dir-890l | | |
D-link Dir-885l/r Firmware | <=1.21b03beta01 | |
D-link Dir-885/r | | |
D-link Dir-895l/r Firmware | <=1.21b04beta01 | |
D-link Dir-895/r | | |
CVE-2018-12103 is a vulnerability discovered on D-Link DIR-890L, DIR-885L/R, and DIR-895L/R routers with specific firmware versions.
CVE-2018-12103 has a severity rating of 6.5 out of 10, which is considered medium.
D-Link DIR-890L, DIR-885L/R, and DIR-895L/R routers are affected by CVE-2018-12103 with specific firmware versions.
CVE-2018-12103 allows an attacker to bypass CAPTCHA authentication and gain unauthorized access to the router's administration interface.
To mitigate CVE-2018-12103, update your router's firmware to a version that addresses the vulnerability.
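The flaw class described above, a CAPTCHA served at a guessable, unauthenticated URI that the client can select, modelled beside a hardened design. This is an added example, not D-Link firmware code; the class names, the in-memory stores, the session identifiers and the way the weak store verifies answers are assumptions made for illustration.

```python
import hmac
import itertools
import secrets


class PredictableCaptchaStore:
    """Weak pattern (assumed model): sequential image numbers, client names the one it solved."""

    def __init__(self):
        self._counter = itertools.count(1)
        self._answers = {}  # captcha number -> expected text

    def issue(self, answer):
        number = next(self._counter)
        self._answers[number] = answer
        return f"/docs/captcha_{number}.jpeg"  # URI shape taken from the advisory

    def verify(self, number, answer):
        # No session binding and no expiry: a known number/answer pair keeps working.
        expected = self._answers.get(number)
        return expected is not None and hmac.compare_digest(expected, answer)


class SessionBoundCaptchaStore:
    """Hardened pattern: unguessable id, tied to one session, consumed on first check."""

    def __init__(self):
        self._pending = {}  # session id -> (captcha id, expected text)

    def issue(self, session_id, answer):
        captcha_id = secrets.token_urlsafe(16)  # 128 bits from the OS CSPRNG
        self._pending[session_id] = (captcha_id, answer)
        return captcha_id

    def verify(self, session_id, captcha_id, answer):
        # pop() makes the challenge single use whether the attempt passes or fails.
        entry = self._pending.pop(session_id, None)
        if entry is None:
            return False
        expected_id, expected_answer = entry
        id_ok = hmac.compare_digest(expected_id, captcha_id)
        answer_ok = hmac.compare_digest(expected_answer, answer)
        return id_ok and answer_ok
```
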