List:       full-disclosure
Subject:    [FD] CVE-2018-5708
From:       Kevin R <krandall2013 () gmail ! com>
Date:       2018-03-28 18:13:52
Message-ID: CAM-upGr6wP8Hn33Mgyf0i3=UczZixxfnfamUPQ_Ph0PGoYqJ_w () mail ! gmail ! com

Hello Seclists:

Attached is my writeup for the following CVE: CVE-2018-5708
> An issue was discovered on D-Link DIR-601 B1 2.02NA devices. Being on
> the same local network as, but being unauthenticated to, the
> administrator's panel, a user can obtain the admin username and
> cleartext password in the response (specifically, the configuration
> file restore_default), which is displayed in XML.
>
> ------------------------------------------
>
> [Additional Information]
> I have been in contact with William Brown, CISO of D-Link. He and his
> team have confirmed the vulnerability and are working on a patch to
> address the issue. Proof of concept exists along with the email
> communication with William Brown if necessary. William Brown has
> confirmed this is a new vulnerability/finding as well.
>
> ------------------------------------------
>
> [VulnerabilityType Other]
> Unauthenticated Admin username and password in cleartext response via XML
>
> ------------------------------------------
>
> [Vendor of Product]
> D-Link
>
> ------------------------------------------
>
> [Affected Product Code Base]
> D-Link DIR-601 - 2.02NA Hardware Version B1
>
> ------------------------------------------
>
> [Affected Component]
> The affected component is the configuration file restore_default, which
> leaks the admin username and password along with other device
> configuration information.
>
> ------------------------------------------
>
> [Attack Type]
> Local
>
> ------------------------------------------
>
> [Impact Information Disclosure]
> true
>
> ------------------------------------------
>
> [Attack Vectors]
> To exploit the vulnerability, a user must be on the local network but
> unauthenticated to the admin page.
>
> ------------------------------------------
>
> [Reference]
> https://www.dlink.com
>
> ------------------------------------------
>
> [Has vendor confirmed or acknowledged the vulnerability?]
> true
>
> ------------------------------------------
>
> [Discoverer]
> Kevin Randal

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/