Remote Authentication Bypass in D-Link DSL-2770L Devices
CVE-2018-18007

9.8CRITICAL

Key Information:

Vendor: D-Link
Status: Dsl-2770l Firmware
Vendor: CVE Published:; 21 December 2018

What is CVE-2018-18007?

The D-Link DSL-2770L router contains a vulnerability in the atbox.htm file, which allows remote attackers to access sensitive admin credentials without authentication. This security flaw can potentially expose the device to unauthorized control, making it crucial for users to apply necessary security measures.

References

http://www.securityfocus.com/bid/106337

vdb-entryx_refsource_BID

http://seclists.org/fulldisclosure/2018/Dec/38

mailing-listx_refsource_FULLDISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 21, 2018
Vulnerability Reserved
Oct 5, 2018