[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAM-upGr6wP8Hn33Mgyf0i3=UczZixxfnfamUPQ_Ph0PGoYqJ_w@mail.gmail.com>
Date: Wed, 28 Mar 2018 14:13:52 -0400
From: Kevin R <krandall2013@...il.com>
To: fulldisclosure@...lists.org
Subject: [FD] CVE-2018-5708
Hello Seclists:
Attached is my writeup for the following CVE: CVE-2018-5708
> An issue was discovered on D-Link DIR-601 B1 2.02NA devices. Being on
> the same local network as, but being unauthenticated to, the
> administrator's panel, a user can obtain the admin username and
> cleartext password in the response (specifically, the configuration
> file restore_default), which is displayed in XML.
>
> ------------------------------------------
>
> [Additional Information]
> I have been in contact with William Brown CISO of D-Link. Him and his
> team have confirmed the vulnerability and are working on a patch to
> address the issue. Proof of concept exists along with the email
> communication with William Brown if necessary. William Brown has
> confirmed this is a new vulnerability/finding as well.
>
> ------------------------------------------
>
> [VulnerabilityType Other]
> Unauthenticated Admin username and password in cleartext response via XML
>
> ------------------------------------------
>
> [Vendor of Product]
> D-Link
>
> ------------------------------------------
>
> [Affected Product Code Base]
> D-Link DIR-601 - 2.02NA Hardware Version B1
>
> ------------------------------------------
>
> [Affected Component]
> The affected component is the configuration file restore_default which
> leaks the admin username, password along with other device information
> configuration information.
>
> ------------------------------------------
>
> [Attack Type]
> Local
>
> ------------------------------------------
>
> [Impact Information Disclosure]
> true
>
> ------------------------------------------
>
> [Attack Vectors]
> To exploit the vulnerability, a user must be on the local network but
> unauthenticated to the admin page.
>
> ------------------------------------------
>
> [Reference]
> https://www.dlink.com
>
> ------------------------------------------
>
> [Has vendor confirmed or acknowledged the vulnerability?]
> true
>
> ------------------------------------------
>
> [Discoverer]
> Kevin Randal
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists