Cleartext Password Storage Vulnerability in D-Link DSR Routers
CVE-2013-7005

Currently unrated

Key Information:

Vendor: D-Link
Status: Dsr-150 Firmware; Dsr-150
Vendor: CVE Published:; 19 December 2013

Summary

The D-Link DSR series routers exhibit a vulnerability where account passwords are stored in cleartext within configuration files. This flaw allows local users with access to the system to easily retrieve sensitive information from the /tmp/teamf1.cfg.ascii file by reading the Users[#]['Password'] fields. This security oversight can lead to unauthorized access and exploitation of user credentials, necessitating immediate action to secure affected devices.

References

http://www.exploit-db.com/exploits/30061

exploitx_refsource_EXPLOIT-DB

Timeline

Vulnerability published
Dec 19, 2013
Vulnerability Reserved
Dec 7, 2013