Published: 17/10/2018 Updated: 03/10/2019
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

An issue exists on D-Link DWR-116 up to and including 1.06, DIR-140L up to and including 1.02, DIR-640L up to and including 1.02, DWR-512 up to and including 2.02, DWR-712 up to and including 2.02, DWR-912 up to and including 2.02, DWR-921 up to and including 2.02, and DWR-111 up to and including 1.01 devices. The administrative password is stored in plaintext in the /tmp/csman/0 file. An attacker having a directory traversal (or LFI) can easily get full router access.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

d-link dwr-116_firmware

d-link dir-140l_firmware

d-link dir-640l_firmware

d-link dwr-512_firmware

d-link dwr-712_firmware

d-link dwr-912_firmware

d-link dwr-921_firmware

d-link dwr-111_firmware

Mailing Lists

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━                MULTIPLE VULNERABILITIES IN D-LINK ROUTERS                          Blazej Adamczyk (br0x)                        blazejadamczyk () gmai ...
Multiple D-Link router models suffer from code execution, plain-text password storage, and directory traversal vulnerabilities ...

Recent Articles

Bug Trio Affecting Eight D-Link Models Leads to Full Compromise
BleepingComputer • Ionut Ilascu • 18 Oct 2018

Several router models from D-Link are vulnerable to three security bugs that could help an attacker get full control over them.
Taken separately, the vulnerabilities are a path traversal, securing passwords in plain text and shell command execution; but by chaining them together an attacker could run code of their own on the devices.
First on the list is the path traversal security gap, identified as CVE-2018-10822, which permits a remote attacker to read arbitrary files. This issue ...

Last year, D-Link flubbed a router bug-fix, so it's back with total pwnage
The Register • Richard Chirgwin • 17 Oct 2018

Plain text password storage? Check. Directory traversal? Check. SOHOpeless? Check

Eight D-Link router variants are vulnerable to complete pwnage via a combination of security screwups, and only two are going to get patched.
Błażej Adamczyk of the Silesian University of Technology in Poland posted this month to Full Disclosure that he discovered the bugs in May of this year and notified D-Link. Despite insisting patches would be released four months ago from now, D-Link hasn't addressed the issue, so Adamczyk has gone public with the security holes.
For some of t...