CVE-2018-18007

Published: 21/12/2018 Updated: 23/04/2021

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

atbox.htm on D-Link DSL-2770L devices allows remote unauthenticated malicious users to discover admin credentials.

Vulnerable Product	Search on Vulmon	Subscribe to Product
dlink dsl-2770l firmware me 1.01
dlink dsl-2770l firmware me 1.02
dlink dsl-2770l firmware me 1.06

D-Link DSL-2770L suffers from an administrative credential disclosure vulnerability ...

Correction of the typo: "An authenticated user can visit the page atboxhtm" should be "An unauthenticated user can visit the page atboxhtm" ________________________________ From: Tyler Cui Sent: Monday, 17 December 2018 12:09 AM To: fulldisclosure () seclists org Subject: [CVE-2018-18007] atboxhtm on D-Link DSL-2770L devices allows remote unaut ...

[Vendor] usdlinkcom [Product] D-Link DSL-2770L (version ME_101, ME_102, AU_106) [Vulnerability Type] admin credentials disclosure [Affected Component] Web Interface [CVE Reference] CVE-2018-18007 [Security Issue] An authenticated user can visit the page atboxhtm, for example, victime_ip/atboxhtm, and obtain clear text passw ...

CWE-798 http://seclists.org/fulldisclosure/2018/Dec/38 http://www.securityfocus.com/bid/106337 https://nvd.nist.gov http://seclists.org/fulldisclosure/2019/Jan/4

CVE-2018-18007

Vulnerability Summary

Vulnerability Trend

Exploits

Mailing Lists

References

Vulmon Search

About

Products

Connect