First published: Fri Mar 30 2018
An issue was discovered on D-Link DIR-601 B1 2.02NA devices. A user who is on the same local network as the administrator's panel, but is not authenticated to it, can obtain the admin username and cleartext password in the response (specifically, the configuration file restore_default), which is displayed in XML.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
D-Link DIR-601 Firmware | =2.02na | |
dlink DIR-601 firmware | | |
CVE-2018-5708 has a high severity rating due to the potential exposure of sensitive administrator credentials.
To fix CVE-2018-5708, upgrade the firmware on D-Link DIR-601 devices to the latest version provided by the vendor.
CVE-2018-5708 affects users of D-Link DIR-601 devices running firmware version 2.02NA.
CVE-2018-5708 requires an attacker to be on the same local network, making it a local network vulnerability rather than a remote one.
Exploiting CVE-2018-5708 allows an unauthenticated user to retrieve the admin username and cleartext password, compromising device security.