Cleartext Password Storage Vulnerability in D-Link Routers
CVE-2018-14081

9.8CRITICAL

Key Information:

Vendor: D-link
Status: Dir-809 A1 Firmware; Dir-809 A2 Firmware; Dir-809 Guestzone Firmware
Vendor: CVE Published:; 9 October 2018

Summary

A vulnerability has been identified in D-Link's DIR-809 routers that allows sensitive information, including device passwords and WPA keys, to be stored in cleartext. This exposure significantly increases the risk of unauthorized access to the device, as malicious actors may easily retrieve this critical information. Users are urged to update their device firmware and follow best security practices to mitigate potential risks.

References

https://blog.nivel4.com/investigaciones/nuevas-vulnerabil...

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 9, 2018
Vulnerability Reserved
Jul 15, 2018