CVE-2018-10824 — CRITICAL (9.8)

Q: How severe is CVE-2018-10824?

CVE-2018-10824 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2018-10824?

Check the references section above for vendor advisories and patch information. Affected products include: Dlink Dwr-116 Firmware, Dlink Dwr-116, Dlink Dir-140L Firmware, Dlink Dir-140L, Dlink Dir-640L Firmware.

Vulnerability Description

An issue was discovered on D-Link DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices. The administrative password is stored in plaintext in the /tmp/csman/0 file. An attacker having a directory traversal (or LFI) can easily get full router access.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Dlink	Dwr-116 Firmware	<= 1.06
Dlink	Dwr-116	-
Dlink	Dir-140L Firmware	<= 1.02
Dlink	Dir-140L	-
Dlink	Dir-640L Firmware	<= 1.02
Dlink	Dir-640L	-
Dlink	Dwr-512 Firmware	<= 2.02
Dlink	Dwr-512	-
Dlink	Dwr-712 Firmware	<= 2.02
Dlink	Dwr-712	-
Dlink	Dwr-912 Firmware	<= 2.02
Dlink	Dwr-921	-
Dlink	Dwr-921 Firmware	<= 2.02
Dlink	Dwr-111 Firmware	<= 1.01
Dlink	Dwr-111	-

Related Weaknesses (CWE)

CWE-22 CWE-522

References

http://sploit.tech/2018/10/12/D-Link.htmlExploitThird Party Advisory
https://seclists.org/fulldisclosure/2018/Oct/36ExploitMailing ListThird Party Advisory
http://sploit.tech/2018/10/12/D-Link.htmlExploitThird Party Advisory
https://seclists.org/fulldisclosure/2018/Oct/36ExploitMailing ListThird Party Advisory

FAQ

What is CVE-2018-10824?

CVE-2018-10824 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An issue was discovered on D-Link DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-11...

How severe is CVE-2018-10824?

CVE-2018-10824 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2018-10824?

Check the references section above for vendor advisories and patch information. Affected products include: Dlink Dwr-116 Firmware, Dlink Dwr-116, Dlink Dir-140L Firmware, Dlink Dir-140L, Dlink Dir-640L Firmware.