Vulners
Lucene search
DLINK DPH-400SE - Exposure of Sensitive Information
# Exploit Title : DLINK DPH-400SE - Exposure of Sensitive Information
# Date : 25-08-2023
# Exploit Author : tahaafarooq
# Vendor Homepage : https://dlink.com/
# Version : FRU2.2.15.8
# Tested on: DLINK DPH-400SE (VoIP Phone)
Description:
With default credential for the guest user "guest:guest" to login on the web portal, the guest user can head to maintenance tab under access and modify the users which allows guest user to modify all users as well as view passwords for all users. For a thorough POC writeup visit: https://hackmd.io/@tahaafarooq/dlink-dph-400se-cwe-200
POC :
1. Login with the default guest credentials "guest:guest"
2. Access the Maintenance tab.
3. Under the maintenance tab, access the "Access" feature
4. On "Account Option" choose a user to modify, thus "Admin" and click modify.
5. Right click on the password, and click reveal, the password is then seen in plaintext.Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
04 Sep 2023 00:00Current
7.4High risk
Vulners AI Score7.4