Unauthorized Access Vulnerability in D-Link DIR-890L, DIR-885L/R, and DIR-895L/R Products
CVE-2018-12103
6.5MEDIUM
What is CVE-2018-12103?
A vulnerability exists in D-Link DIR-890L, DIR-885L/R, and DIR-895L/R devices that allows an unauthenticated attacker on the local network to exploit predictable URIs used for CAPTCHA images. This could enable the attacker to load a chosen CAPTCHA image, facilitating unauthorized login attempts to the devices' administrative panel. The affected firmware versions include 1.21B02beta01 and earlier for the DIR-890L, 1.21B03beta01 and earlier for the DIR-885L/R, and 1.21B04beta04 and earlier for the DIR-895L/R.