Vulnerability Description
An issue was discovered on D-Link DIR-890L with firmware 1.21B02beta01 and earlier, DIR-885L/R with firmware 1.21B03beta01 and earlier, and DIR-895L/R with firmware 1.21B04beta04 and earlier devices (all hardware revisions). Due to the predictability of the /docs/captcha_(number).jpeg URI, being local to the network, but unauthenticated to the administrator's panel, an attacker can disclose the CAPTCHAs used by the access point and can elect to load the CAPTCHA of their choosing, leading to unauthorized login attempts to the access point.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dlink | Dir-890L Firmware | <= 1.21b02beta01 |
| Dlink | Dir-890L | - |
| D-Link | Dir-885L\/R Firmware | <= 1.21b03beta01 |
| D-Link | Dir-885\/R | - |
| D-Link | Dir-895L\/R Firmware | <= 1.21b04beta01 |
| D-Link | Dir-895\/R | - |
Related Weaknesses (CWE)
References
- http://seclists.org/fulldisclosure/2018/Jul/13Mailing ListThird Party Advisory
- https://securityadvisories.dlink.com/announcement/publication.aspx?name=SAP10099Vendor Advisory
- http://seclists.org/fulldisclosure/2018/Jul/13Mailing ListThird Party Advisory
- https://securityadvisories.dlink.com/announcement/publication.aspx?name=SAP10099Vendor Advisory
FAQ
What is CVE-2018-12103?
CVE-2018-12103 is a vulnerability with a CVSS score of 6.5 (MEDIUM). An issue was discovered on D-Link DIR-890L with firmware 1.21B02beta01 and earlier, DIR-885L/R with firmware 1.21B03beta01 and earlier, and DIR-895L/R with firmware 1.21B04beta04 and earlier devices (...
How severe is CVE-2018-12103?
CVE-2018-12103 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-12103?
Check the references section above for vendor advisories and patch information. Affected products include: Dlink Dir-890L Firmware, Dlink Dir-890L, D-Link Dir-885L\/R Firmware, D-Link Dir-885\/R, D-Link Dir-895L\/R Firmware.