CVE-2018-18008

CWE-798Hard-coded Credentials3 documents3 sources
Severity
9.8CRITICAL
EPSS
1.2%
top 21.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
7
Dlink Dir-140l FirmwareDlink Dir-640l FirmwareDlink Dsl-2770l Firmware+4 more
Timeline
PublishedDec 21
Latest updateMay 13

Description

spaces.htm on multiple D-Link devices (DSL, DIR, DWR) allows remote unauthenticated attackers to discover admin credentials.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages7 packages

NVDdlink/dwr-116_firmware4 versions+3
NVDdlink/dwr-512_firmware4 versions+3
NVDdlink/dwr-555_firmware4 versions+3
NVDdlink/dwr-921_firmware4 versions+3
NVDdlink/dir-140l_firmware1.00, 1.01ru, 1.02+2

🔴Vulnerability Details

2
GHSA
GHSA-8fvj-x967-vc6v: spaces2022-05-13
CVEList
CVE-2018-18008: spaces2018-12-21
CVE-2018-18008 (CRITICAL CVSS 9.8) | spaces.htm on multiple D-Link devic | cvebase.io