cbcvebase.
CVE-2011-4723
published 2011-12-20

CVE-2011-4723: The D-Link DIR-300 router stores cleartext passwords, which allows context-dependent attackers to obtain sensitive information via unspecified vectors.

PriorityP271medium5.7CVSS 3.1
AVAACLPRLUINSUCHINAN
KEVITW
CISA Known Exploited Vulnerabilitydue 2022-09-29
Exploited in the wild
EPSS
3.13%
86.2th percentile
The D-Link DIR-300 router stores cleartext passwords, which allows context-dependent attackers to obtain sensitive information via unspecified vectors.

Detection & IOCsextracted from sources · hover to see the quote

  • D-Link DIR-300 router stores cleartext passwords; inspect device configuration storage or memory for plaintext credential exposure
  • ·The affected product (D-Link DIR-300 Router) is end-of-life; no patch is available. The recommended action is to disconnect the device if still in use.
  • ·Exploitation vector is unspecified in public disclosures, limiting precise detection rule creation; monitor for any unauthorized access or credential harvesting activity on DIR-300 devices.

CVSS provenance

nvdv3.15.7MEDIUMCVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvdv2.06.8MEDIUMAV:N/AC:L/Au:S/C:C/I:N/A:N
vulncheck5.7MEDIUM
cisa5.7MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.