Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdtJoe Gray1337DAY-ID-30312
HistoryMay 05, 2018 - 12:00 a.m.

D-Link DIR-601 Failed Password Change Control Vulnerability

2018-05-0500:00:00
Joe Gray
0day.today
53

0.016 Low

EPSS

Percentile

87.3%

JSON

Exploit for hardware platform in category web applications

[Suggested description]
 D-Link DIR-601 A1 1.02NA devices do not require the old password for a
password change, which occurs in cleartext.

 ------------------------------------------

 [Additional Information]
 Insecure Authentication Practices in D-LINK DIR-601 Router, Hardware
version A1, Firmware Version 1.02NA

 When logging into the router, the authentication module passes the
 username and password BASE64 encoded vice encrypted. When changing the
 password a) no current password is required; and b) it passes the new
 password and username in plain text. There is also no support for
 HTTPS connections to the router.

 Due to no schedule viability D-Link asks that two items are mentioned in
disclosure:

 a) For this out of service router, users are encouraged too used DD-WRT
firmware here <http://www.dd-wrt.com/site/support/router-database>
 b) They can contact [email protected] for the latest information on
updates.

 ------------------------------------------

 [VulnerabilityType Other]
 Weak Authentication and No HTTPS support

 ------------------------------------------

 [Vendor of Product]
 D-Link

 ------------------------------------------

 [Affected Product Code Base]
 DIR 601 - Hardware A1, Firmware 1.02NA

 ------------------------------------------

 [Affected Component]
 Login, Password Changing

 ------------------------------------------

 [Attack Type]
 Context-dependent

 ------------------------------------------

 [Impact Information Disclosure]
 true

 ------------------------------------------

 [Attack Vectors]
 To exploit this, an attacker must have a proxy or man-in-the-middle attack
completed and be able to discern the URLs to intercept passed parameters.

 ------------------------------------------

 [Has vendor confirmed or acknowledged the vulnerability?]
 true

 ------------------------------------------

 [Remediation]
 Due to no schedule viability D-Link asks that two items are mentioned in
disclosure:

 a) For this out of service router, users are encouraged too used DD-WRT
firmware here
 b) They can contact [email protected] for the latest information on
updates.

 ------------------------------------------
 [References]
 http://us.dlink.com/security-advisories/
<http://us.dlink.com/security-advisories/>
 https://advancedpersistentsecurity.net/cve-2018-10641/
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10641



Joe Gray

#  0day.today [2018-05-07]  #

Related

nvd 1
cvelist 1
cve 1
prion 1
nvd
nvd
CVE-2018-10641
2018-05-04 03:29:00
cvelist
cvelist
CVE-2018-10641
2018-05-04 03:00:00
cve
cve
CVE-2018-10641
2018-05-04 03:29:00
prion
prion
Default credentials
2018-05-04 03:29:00

0.016 Low

EPSS

Percentile

87.3%

JSON
Related for 1337DAY-ID-30312
nvd1cvelist1cve1prion1