Published: 30/03/2018 Updated: 03/10/2019

CVSS v2 Base Score: 6.1 | Impact Score: 6.9 | Exploitability Score: 6.5

CVSS v3 Base Score: 8 | Impact Score: 5.9 | Exploitability Score: 2.1

VMScore: 615

Vector: AV:A/AC:L/Au:N/C:C/I:N/A:N

An issue exists on D-Link DIR-601 B1 2.02NA devices. Being on the same local network as, but being unauthenticated to, the administrator's panel, a user can obtain the admin username and cleartext password in the response (specifically, the configuration file restore_default), which is displayed in XML.

Vulnerable Product	Search on Vulmon	Subscribe to Product
dlink dir-601_firmware 2.02na

# Exploit Title: DLink DIR-601 Unauthenticated Admin password disclosure # Google Dork: N/A # Date: 12/24/2017 # Exploit Author: Kevin Randall # Vendor Homepage: wwwdlinkcom # Software Link: N/A # Version: Firmware: 202NA Hardware Version B1 # Tested on: Windows 10 + Mozilla Firefox # CVE : CVE-2018-5708 *Been in contact with William Br ...

D-Link DIR-601 suffers from an administrative password disclosure vulnerability ...

CWE-522 http://seclists.org/fulldisclosure/2018/Mar/66 https://www.exploit-db.com/exploits/44388/https://securityadvisories.dlink.com/announcement/publication.aspx?name=SAP10111 https://nvd.nist.gov https://www.exploit-db.com/exploits/44388/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2018-5708

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect