Unauthorized Access Vulnerability in D-Link DIR-890L, DIR-885L/R, and DIR-895L/R Products
CVE-2018-12103

6.5MEDIUM

Key Information:

Vendor: D-Link
Status: Dir-890l Firmware
Vendor: CVE Published:; 5 July 2018

Summary

A vulnerability exists in D-Link DIR-890L, DIR-885L/R, and DIR-895L/R devices that allows an unauthenticated attacker on the local network to exploit predictable URIs used for CAPTCHA images. This could enable the attacker to load a chosen CAPTCHA image, facilitating unauthorized login attempts to the devices' administrative panel. The affected firmware versions include 1.21B02beta01 and earlier for the DIR-890L, 1.21B03beta01 and earlier for the DIR-885L/R, and 1.21B04beta04 and earlier for the DIR-895L/R.

References

https://securityadvisories.dlink.com/announcement/publica...

x_refsource_CONFIRM

http://seclists.org/fulldisclosure/2018/Jul/13

mailing-listx_refsource_FULLDISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 5, 2018
Vulnerability Reserved
Jun 11, 2018