Authentication Bypass in D-Link DIR-809 Routers
CVE-2018-14080

7.5HIGH

Key Information:

Vendor: D-link
Status: Dir-809 A1 Firmware; Dir-809 A2 Firmware; Dir-809 Guestzone Firmware
Vendor: CVE Published:; 9 October 2018

What is CVE-2018-14080?

A flaw in D-Link DIR-809 routers allows attackers to bypass authentication mechanisms, enabling unauthorized users to download the router's configuration file. This can potentially lead to the exposure of sensitive data and unauthorized control over the router, putting users' networks at risk.

References

https://blog.nivel4.com/investigaciones/nuevas-vulnerabil...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 9, 2018
Vulnerability Reserved
Jul 15, 2018

D-link

What is CVE-2018-14080?

References

CVSS V3.1

Timeline