CVE-2018-5708

Name of the Vulnerable Software and Affected Versions: D-Link DIR-601 B1 version 2.02NA

Description: An issue allows an unauthenticated user on the same local network to obtain the admin username and cleartext password from the administrator's panel. This is achieved through the configuration file restore default, which displays sensitive information in XML.

Recommendations: For D-Link DIR-601 B1 version 2.02NA, as a temporary workaround, consider restricting access to the administrator's panel and the configuration file restore default to minimize the risk of exploitation. Avoid using the device on untrusted networks until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.