CVE-2018-18008

spaces.htm on multiple D-Link devices (DSL, DIR, DWR) allows remote unauthenticated attackers to discover admin credentials.
References
Link Resource
http://seclists.org/fulldisclosure/2018/Dec/45 Mailing List Third Party Advisory
http://www.securityfocus.com/bid/106344 Third Party Advisory VDB Entry
http://seclists.org/fulldisclosure/2018/Dec/45 Mailing List Third Party Advisory
http://www.securityfocus.com/bid/106344 Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:dlink:dsl-2770l_firmware:me_1.01:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dsl-2770l_firmware:me_1.02:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dsl-2770l_firmware:me_1.06:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dsl-2770l:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:o:dlink:dir-140l_firmware:1.00:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-140l_firmware:1.01ru:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-140l_firmware:1.02:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-140l:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
OR cpe:2.3:o:dlink:dir-640l_firmware:1.00:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-640l_firmware:1.01ru:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dir-640l_firmware:1.02:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-640l:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
OR cpe:2.3:o:dlink:dwr-116_firmware:1.03:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dwr-116_firmware:1.05:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dwr-116_firmware:2.01:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dwr-116_firmware:2.02:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dwr-116:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
OR cpe:2.3:o:dlink:dwr-512_firmware:1.03:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dwr-512_firmware:1.05:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dwr-512_firmware:2.01:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dwr-512_firmware:2.02:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dwr-512:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
OR cpe:2.3:o:dlink:dwr-555_firmware:1.03:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dwr-555_firmware:1.05:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dwr-555_firmware:2.01:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dwr-555_firmware:2.02:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dwr-555:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
OR cpe:2.3:o:dlink:dwr-921_firmware:1.03:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dwr-921_firmware:1.05:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dwr-921_firmware:2.01:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dwr-921_firmware:2.02:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dwr-921:-:*:*:*:*:*:*:*

History

21 Nov 2024, 03:55

Type Values Removed Values Added
References () http://seclists.org/fulldisclosure/2018/Dec/45 - Mailing List, Third Party Advisory () http://seclists.org/fulldisclosure/2018/Dec/45 - Mailing List, Third Party Advisory
References () http://www.securityfocus.com/bid/106344 - Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/106344 - Third Party Advisory, VDB Entry

Information

Published : 2018-12-21 23:29

Updated : 2024-11-21 03:55


NVD link : CVE-2018-18008

Mitre link : CVE-2018-18008

CVE.ORG link : CVE-2018-18008


JSON object : View

Products Affected

dlink

  • dir-140l_firmware
  • dwr-116_firmware
  • dir-640l_firmware
  • dsl-2770l
  • dwr-555
  • dir-640l
  • dwr-921
  • dsl-2770l_firmware
  • dwr-921_firmware
  • dwr-555_firmware
  • dir-140l
  • dwr-116
  • dwr-512_firmware
  • dwr-512
CWE
CWE-798

Use of Hard-coded Credentials