Insecure Password Change in D-Link Router
CVE-2018-10641

8.1HIGH

Key Information:

Vendor
D-Link
Status
Dir-601 Firmware
Vendor
CVE Published:
4 May 2018

Summary

The D-Link DIR-601 A1 router version 1.02NA has a significant security flaw that allows users to change their passwords without entering the current password. This occurs in cleartext, leaving the authentication process vulnerable to exploitation. Attackers could potentially take advantage of this weakness to gain unauthorized access to the device settings, compromising the confidentiality and integrity of the network.

References

https://www.peerlyst.com/posts/vulnerability-disclosure-i...
x_refsource_MISC
https://advancedpersistentsecurity.net/cve-2018-10641/
x_refsource_MISC
https://gist.github.com/jocephus/806ff4679cf54af130d69777...
x_refsource_MISC

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.