Cleartext Password Storage Vulnerability in D-Link DSR Routers
CVE-2013-7005

Currently unrated

Key Information:

Vendor: D-Link
Status: Dsr-150 Firmware; Dsr-150
Vendor: CVE Published:; 19 December 2013

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2013-7005?

The D-Link DSR series routers exhibit a vulnerability where account passwords are stored in cleartext within configuration files. This flaw allows local users with access to the system to easily retrieve sensitive information from the /tmp/teamf1.cfg.ascii file by reading the Users[#]['Password'] fields. This security oversight can lead to unauthorized access and exploitation of user credentials, necessitating immediate action to secure affected devices.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2013-7005 - Proof of Concept

References

http://www.exploit-db.com/exploits/30061

exploitx_refsource_EXPLOIT-DB

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Dec 19, 2013
👾
Exploit known to exist
Dec 19, 2013
Vulnerability published
Dec 19, 2013
Vulnerability Reserved
Dec 7, 2013

CVE-2013-7005 Data

JSON