2018-08-29 21:29:00 2018-11-08 19:43:16

An issue was discovered on D-Link DIR-601 2.02NA devices. Being local to the network and having only "User" account (which is a low privilege account) access, an attacker can intercept the response from a POST request to obtain "Admin" rights due to the admin password being displayed in XML.

Vector

ADJACENT_NETWORK

Complexity

LOW

Authentication

SINGLE_INSTANCE

Confidentiality

PARTIAL

Integrity

NONE

Availability

NONE
Advisory Patch Confirmed Link
20180827 CVE-2018-12710
45306