CVE Catalog

CVE-2018-25358

High
Published: Translated: NVD NIST

Summary

D-Link DIR601 version 2.02NA contains a credential disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive configuration data by manipulating the table_name parameter in POST requests.

Risk Assessment

Attackers can access administrative credentials and wireless network keys in clear text, posing a serious security threat to the network.

Recommendation

It is recommended to update the device firmware to the latest version and restrict access to the administrative interface to trusted users.

Original NVD description (English source)

D-Link DIR601 2.02NA contains a credential disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive configuration data by manipulating the table_name parameter in POST requests. Attackers can send requests to /my_cgi.cgi with table_name values like admin_user, wireless_settings, and wireless_security to extract administrative credentials and wireless network keys in clear text.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS