CVE-2018-18009

Name of the Vulnerable Software and Affected Versions D-Link DIR-140L and DIR-640L devices

Description The issue is related to the storage of credentials in an open manner, allowing remote unauthenticated attackers to discover admin credentials. This can enable a remote attacker to reveal protected information, specifically the admin password.

Recommendations For D-Link DIR-140L and DIR-640L devices, consider restricting access to the dirary0.js script until a patch is available. As a temporary workaround, avoid using the default admin credentials and change them to strong, unique passwords to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.