Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2018-12710

CWE-319Cleartext Transmission4 documents4 sources
Severity
8.0HIGH
EPSS
58.5%
top 1.80%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Dlink Dir-601 Firmware
Timeline
PublishedAug 29
Latest updateMay 13

Description

An issue was discovered on D-Link DIR-601 2.02NA devices. Being local to the network and having only "User" account (which is a low privilege account) access, an attacker can intercept the response from a POST request to obtain "Admin" rights due to the admin password being displayed in XML.

CVSS vector

CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.1 | Impact: 5.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-5wr7-m75g-xc37: An issue was discovered on D-Link DIR-601 22022-05-13
CVEList
CVE-2018-12710: An issue was discovered on D-Link DIR-601 22018-08-29

💥Exploits & PoCs

1
Exploit-DB
DLink DIR-601 - Credential Disclosure2018-08-30
CVE-2018-12710 (HIGH CVSS 8) | An issue was discovered on D-Link D | cvebase.io