Information Disclosure in D-Link Router
CVE-2024-44408

7.5HIGH

Key Information:

Vendor: D-Link
Status: Dir-823g Firmware
Vendor: CVE Published:; 6 September 2024

What is CVE-2024-44408?

The D-Link DIR-823G v1.0.2B05_20181207 is susceptible to an Information Disclosure vulnerability that permits unauthorized access to sensitive configuration files. Attackers can exploit this flaw to download configuration files that contain plaintext user passwords, leading to potential compromise of sensitive accounts and unauthorized access to the network. Securing these devices and applying the necessary updates is critical to mitigate the risk posed by this vulnerability.

References

https://github.com/lonelylonglong/openfile-/blob/main/DIR...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 6, 2024
Vulnerability Reserved
Aug 21, 2024