PT-2017-7751 · D Link · D-Link Dcs-1100
Bruno Morisson
·
Publicado
2017-01-09
·
Atualizado
2023-04-26
·
CVE-2016-10125
CVSS v3.1
8.1
Alta
| Vetor | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
D-Link DGS-1100 devices with Rev.B firmware version 1.01.018
Description
The issue concerns a hardcoded SSL private key, which enables man-in-the-middle attackers to spoof devices by hijacking an HTTPS session.
Recommendations
For D-Link DGS-1100 devices with Rev.B firmware version 1.01.018, consider disabling HTTPS until a patch or firmware update is available to prevent man-in-the-middle attacks.
Exploit
Correção
Using Hardcoded Credentials
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
D-Link Dcs-1100