CVE-2011-4723
published 2011-12-20CVE-2011-4723: The D-Link DIR-300 router stores cleartext passwords, which allows context-dependent attackers to obtain sensitive information via unspecified vectors.
PriorityP271medium5.7CVSS 3.1
AVAACLPRLUINSUCHINAN
KEVITW
CISA Known Exploited Vulnerabilitydue 2022-09-29
Exploited in the wild
EPSS
3.13%
86.2th percentile
The D-Link DIR-300 router stores cleartext passwords, which allows context-dependent attackers to obtain sensitive information via unspecified vectors.
Detection & IOCsextracted from sources · hover to see the quote
- →D-Link DIR-300 router stores cleartext passwords; inspect device configuration storage or memory for plaintext credential exposure ↗
- ·The affected product (D-Link DIR-300 Router) is end-of-life; no patch is available. The recommended action is to disconnect the device if still in use. ↗
- ·Exploitation vector is unspecified in public disclosures, limiting precise detection rule creation; monitor for any unauthorized access or credential harvesting activity on DIR-300 devices. ↗
CVSS provenance
nvdv3.15.7MEDIUMCVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvdv2.06.8MEDIUMAV:N/AC:L/Au:S/C:C/I:N/A:N
vulncheck5.7MEDIUM
cisa5.7MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-cqpf-hj5r-9893: The D-Link DIR-300 router stores cleartext passwords, which allows context-dependent attackers to obtain sensitive information via unspecified vectors
ghsa_unreviewed·2022-05-17
CVE-2011-4723 [MEDIUM] CWE-312 GHSA-cqpf-hj5r-9893: The D-Link DIR-300 router stores cleartext passwords, which allows context-dependent attackers to obtain sensitive information via unspecified vectors
The D-Link DIR-300 router stores cleartext passwords, which allows context-dependent attackers to obtain sensitive information via unspecified vectors.
VulnCheck
D-Link DIR-300 Router Cleartext Storage of a Password Vulnerability
vulncheck·2011·CVSS 5.7
CVE-2011-4723 [MEDIUM] CWE-310 D-Link DIR-300 Router Cleartext Storage of a Password Vulnerability
D-Link DIR-300 Router Cleartext Storage of a Password Vulnerability
The D-Link DIR-300 router stores cleartext passwords, which allows context-dependent attackers to obtain sensitive information.
Affected: D-Link DIR-300 Router
Required Action: The impacted product is end-of-life and should be disconnected if still in use.
Exploitation References: https://www.trendmicro.com/en_us/research/18/g/vpnfilter-affected-devices-still-riddled-with-19-vulnerabilities.html; https://www.researchgate.net/publication/348602660_An_analysis_of_the_use_of_CVEs_by_IoT_malware; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
Remediation Due: 2022-09-29
CISA
D-Link DIR-300 Router Cleartext Storage of a Password Vulnerability
cisa·2022-09-08·CVSS 5.7
CVE-2011-4723 [MEDIUM] CWE-310 D-Link DIR-300 Router Cleartext Storage of a Password Vulnerability
Vulnerability: D-Link DIR-300 Router Cleartext Storage of a Password Vulnerability
Affected: D-Link DIR-300 Router
The D-Link DIR-300 router stores cleartext passwords, which allows context-dependent attackers to obtain sensitive information.
Required Action: The impacted product is end-of-life and should be disconnected if still in use.
Notes: https://www.dlink.com/uk/en/support/product/dir-300-wireless-g-router; https://nvd.nist.gov/vuln/detail/CVE-2011-4723
Remediation Due Date: 2022-09-29
No detection rules found.
No public exploits indexed.
Trendmicro
VPNFilter-affected Devices Still Riddled with 19 Bugs
blogs_trendmicro·2018-07-13
VPNFilter-affected Devices Still Riddled with 19 Bugs
IoT
## VPNFilter-affected Devices Still Riddled with 19 Bugs
This blog tackles the VPNFilter malware and if deployed devices are vulnerable to it. Based on our data, plenty of the devices are still using old firmware versions. In fact, 19 known vulnerabilities can still be detected in devices up to this day.
By: Tony Yang, Peter Lee Jul 13, 2018 Read time: ( words)
Save to Folio
Our IoT scanning tool allows users to identify if connected devices (e.g. routers, network attached storage devices, IP cameras, and printers) in a given network are vulnerable to security risks and vulnerabilities, such as those related to Mirai, Reaper, and WannaCry.
We gather our data from the Trend Micro™ Home Network Security solution and HouseCall™ for Home Networks scanner. HouseCall for Home Networks
Trendmicro
VPNFilter-affected Devices Still Riddled with 19 Bugs
blogs_trendmicro·2018-07-13
VPNFilter-affected Devices Still Riddled with 19 Bugs
IoT
# VPNFilter-affected Devices Still Riddled with 19 Bugs
This blog tackles the VPNFilter malware and if deployed devices are vulnerable to it. Based on our data, plenty of the devices are still using old firmware versions. In fact, 19 known vulnerabilities can still be detected in devices up to this day.
By: Tony Yang, Peter Lee
2018/07/13
Read time: ( words)
Save to Folio
Our IoT scanning tool allows users to identify if connected devices (e.g. routers, network attached storage devices, IP cameras, and printers) in a given network are vulnerable to security risks and vulnerabilities, such as those related to Mirai, Reaper, and WannaCry.
We gather our data from the Trend Micro™ Home Network Security solution and HouseCall™ for Home Networks scanner. HouseCall for Home Networks is
Trendmicro
VPNFilter-affected Devices Still Riddled with 19 Bugs
blogs_trendmicro·2018-07-13
VPNFilter-affected Devices Still Riddled with 19 Bugs
IoT
## VPNFilter-affected Devices Still Riddled with 19 Bugs
This blog tackles the VPNFilter malware and if deployed devices are vulnerable to it. Based on our data, plenty of the devices are still using old firmware versions. In fact, 19 known vulnerabilities can still be detected in devices up to this day.
By: Tony Yang, Peter Lee 2018/07/13 Read time: ( words)
Save to Folio
Our IoT scanning tool allows users to identify if connected devices (e.g. routers, network attached storage devices, IP cameras, and printers) in a given network are vulnerable to security risks and vulnerabilities, such as those related to Mirai, Reaper, and WannaCry.
We gather our data from the Trend Micro™ Home Network Security solution and HouseCall™ for Home Networks scanner. HouseCall for Home Networks is
2011-12-20
Published
2022-09-08
Added to CISA KEV
Exploited in the wild