Remote Authentication Bypass in D-Link DSL-2770L Devices
CVE-2018-18007

9.8CRITICAL

Key Information:

Vendor

D-Link
Status
Dsl-2770l Firmware
Vendor
CVE Published:
21 December 2018

What is CVE-2018-18007?

The D-Link DSL-2770L router contains a vulnerability in the atbox.htm file, which allows remote attackers to access sensitive admin credentials without authentication. This security flaw can potentially expose the device to unauthorized control, making it crucial for users to apply necessary security measures.

References

http://www.securityfocus.com/bid/106337
vdb-entryx_refsource_BID
http://seclists.org/fulldisclosure/2018/Dec/38
mailing-listx_refsource_FULLDISC

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.