Vulnerability Description
An issue was discovered on D-Link DIR-809 A1 through 1.09, A2 through 1.11, and Guest Zone through 1.09 devices. One can bypass authentication mechanisms to download the configuration file.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| D-Link | Dir-809 A1 Firmware | <= 1.09 |
| D-Link | Dir-809 A2 Firmware | <= 1.11 |
| D-Link | Dir-809 Guestzone Firmware | <= 1.09 |
| Dlink | Dir-809 | All versions |
Related Weaknesses (CWE)
References
- https://blog.nivel4.com/investigaciones/nuevas-vulnerabilidades-en-router-d-linkThird Party Advisory
- https://blog.nivel4.com/investigaciones/nuevas-vulnerabilidades-en-router-d-linkThird Party Advisory
FAQ
What is CVE-2018-14080?
CVE-2018-14080 is a vulnerability with a CVSS score of 7.5 (HIGH). An issue was discovered on D-Link DIR-809 A1 through 1.09, A2 through 1.11, and Guest Zone through 1.09 devices. One can bypass authentication mechanisms to download the configuration file.
How severe is CVE-2018-14080?
CVE-2018-14080 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-14080?
Check the references section above for vendor advisories and patch information. Affected products include: D-Link Dir-809 A1 Firmware, D-Link Dir-809 A2 Firmware, D-Link Dir-809 Guestzone Firmware, Dlink Dir-809.