CVE-2018-12103

CWE-863Incorrect Authorization3 documents3 sources
Severity
6.5MEDIUM
EPSS
0.1%
top 74.83%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
D-link Dir-885l\/r FirmwareD-link Dir-895l\/r FirmwareDlink Dir-890l Firmware
Timeline
PublishedJul 5
Latest updateMay 13

Description

An issue was discovered on D-Link DIR-890L with firmware 1.21B02beta01 and earlier, DIR-885L/R with firmware 1.21B03beta01 and earlier, and DIR-895L/R with firmware 1.21B04beta04 and earlier devices (all hardware revisions). Due to the predictability of the /docs/captcha_(number).jpeg URI, being local to the network, but unauthenticated to the administrator's panel, an attacker can disclose the CAPTCHAs used by the access point and can elect to load the CAPTCHA of their choosing, leading to unau

CVSS vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

NVDdlink/dir-890l_firmware1.21b02beta01
NVDd-link/dir-885l\/r_firmware1.21b03beta01
NVDd-link/dir-895l\/r_firmware1.21b04beta01

🔴Vulnerability Details

2
GHSA
GHSA-hmvr-fwh8-p62r: An issue was discovered on D-Link DIR-890L with firmware 12022-05-13
CVEList
CVE-2018-12103: An issue was discovered on D-Link DIR-890L with firmware 12018-07-05
CVE-2018-12103 (MEDIUM CVSS 6.5) | An issue was discovered on D-Link D | cvebase.io