CVE-2018-10824

high-risk

Published 2018-10-17

An issue was discovered on D-Link DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices. The administrative password is stored in plaintext in the /tmp/csman/0 file. An attacker having a directory traversal (or LFI) can easily get full router access.

Do I need to act?

44.0% chance of exploitation in next 30 days

EPSS score — higher than 56% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

1 public exploit available

45677

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (8)

Dwr-116 Firmware

Dir-140L Firmware

Dir-640L Firmware

Dwr-512 Firmware

Dwr-712 Firmware

Dwr-912 Firmware

Dwr-921 Firmware

Dwr-111 Firmware

Affected Vendors

Dlink

References (4)

Exploit http://sploit.tech/2018/10/12/D-Link.html

Exploit https://seclists.org/fulldisclosure/2018/Oct/36

Exploit http://sploit.tech/2018/10/12/D-Link.html

Exploit https://seclists.org/fulldisclosure/2018/Oct/36

/ 100

high-risk

Severity 32/34 · Critical

Exploitability 17/34 · Moderate

Exposure 14/34 · Moderate