Published: 29/08/2018 Updated: 26/04/2023

CVSS v2 Base Score: 2.7 | Impact Score: 2.9 | Exploitability Score: 5.1

CVSS v3 Base Score: 8 | Impact Score: 5.9 | Exploitability Score: 2.1

VMScore: 275

Vector: AV:A/AC:L/Au:S/C:P/I:N/A:N

An issue exists on D-Link DIR-601 2.02NA devices. Being local to the network and having only "User" account (which is a low privilege account) access, an attacker can intercept the response from a POST request to obtain "Admin" rights due to the admin password being displayed in XML.

Vulnerable Product	Search on Vulmon	Subscribe to Product
dlink dir-601_firmware 2.02na

# Exploit Title: DLink DIR-601 - Credential Disclosure # Google Dork: N/A # Date: 2018-06-24 # Exploit Author: Kevin Randall # Vendor Homepage: wwwdlinkcom # Software Link: N/A # Version: Firmware: 202NA Hardware Version B1 # Tested on: Windows 10 + Mozilla Firefox # CVE : CVE-2018-12710 # 1 Description # Being local to the network an ...

Full Disclosure mailing list archives   By Date By Thread </form>    CVE-2018-12710   From: Kevin R <krandall2013 () gmail com> ...

CWE-319 http://seclists.org/fulldisclosure/2018/Aug/45 https://www.exploit-db.com/exploits/45306/https://nvd.nist.gov https://www.exploit-db.com/exploits/45306/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2018-12710

Vulnerability Summary

Vulnerability Trend

Exploits

Mailing Lists

References

Vulmon Search

About

Products

Connect