Directory Traversal Vulnerability in D-Link Routers
CVE-2018-10824

9.8CRITICAL

Key Information:

Vendor: D-Link
Status: Dwr-116 Firmware
Vendor: CVE Published:; 17 October 2018

Summary

A vulnerability exists in multiple D-Link router models where the administrative password is stored in plaintext in a specific directory. This configuration flaw allows an attacker to exploit a directory traversal or local file inclusion (LFI) to gain unauthorized access to sensitive router credentials, potentially leading to full control over the device. Users of affected models should take immediate steps to secure their devices to prevent exploitation.

References

https://seclists.org/fulldisclosure/2018/Oct/36

mailing-listx_refsource_FULLDISC

http://sploit.tech/2018/10/12/D-Link.html

x_refsource_MISC

EPSS Score

31% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 17, 2018
Vulnerability Reserved
May 8, 2018