Remote Authentication Bypass Vulnerability in D-Link Devices
CVE-2018-18008

9.8CRITICAL

Key Information:

Vendor: D-Link
Status: Dsl-2770l Firmware
Vendor: CVE Published:; 21 December 2018

Summary

A vulnerability exists in multiple D-Link devices, specifically affecting the 'spaces.htm' page, which may allow remote attackers, without prior authentication, to gain access to sensitive admin-level credentials. This exposure can lead to unauthorized access, potentially leading to further vulnerabilities in network configuration and security management. Users of affected D-Link devices should review their device configurations and apply any recommended security measures promptly. For more information, refer to Security Focus and Full Disclosure.

References

http://www.securityfocus.com/bid/106344

vdb-entryx_refsource_BID

http://seclists.org/fulldisclosure/2018/Dec/45

mailing-listx_refsource_FULLDISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 21, 2018
Vulnerability Reserved
Oct 5, 2018