CVE-2018-5708
First published: Fri Mar 30 2018(Updated: )
An issue was discovered on D-Link DIR-601 B1 2.02NA devices. Being on the same local network as, but being unauthenticated to, the administrator's panel, a user can obtain the admin username and cleartext password in the response (specifically, the configuration file restore_default), which is displayed in XML.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| D-Link DIR-601 Firmware | =2.02na | |
| dlink DIR-601 firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-5708?
CVE-2018-5708 has a high severity rating due to the potential exposure of sensitive administrator credentials.
How do I fix CVE-2018-5708?
To fix CVE-2018-5708, upgrade the firmware on D-Link DIR-601 devices to the latest version provided by the vendor.
Who is affected by CVE-2018-5708?
CVE-2018-5708 affects users of D-Link DIR-601 devices running firmware version 2.02NA.
Can CVE-2018-5708 be exploited remotely?
CVE-2018-5708 requires an attacker to be on the same local network, making it a local network vulnerability rather than a remote one.
What are the consequences of CVE-2018-5708?
Exploiting CVE-2018-5708 allows an unauthenticated user to retrieve the admin username and cleartext password, compromising device security.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/description
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/dlink
- canonical/d-link dir-601 firmware
- version/d-link dir-601 firmware/2.02na
- canonical/dlink dir-601 firmware