PT-2013-1295 · D Link · Dsr-250+6

Published: 2013-10-01 · Updated: 2023-04-26 · CVE-2013-7005

CVSS v2.0: 4.9 (Medium)

Vector: AV:L/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

D-Link DSR-150 versions prior to 1.08B44
D-Link DSR-150N versions prior to 1.05B64
D-Link DSR-250 versions prior to 1.08B44
D-Link DSR-250N versions prior to 1.08B44
D-Link DSR-500 versions prior to 1.08B77
D-Link DSR-500N versions prior to 1.08B77
D-Link DSR-1000 versions prior to 1.08B77
D-Link DSR-1000N versions prior to 1.08B77

Description

The issue allows local users to obtain sensitive information by reading the Users[#]["Password"] fields in the "/tmp/teamf1.cfg.ascii" file on the file system of D-Link DSR routers, where account passwords are stored in cleartext.

Recommendations

For D-Link DSR-150 versions prior to 1.08B44, update the firmware to version 1.08B44 or later.
For D-Link DSR-150N versions prior to 1.05B64, update the firmware to version 1.05B64 or later.
For D-Link DSR-250 versions prior to 1.08B44, update the firmware to version 1.08B44 or later.
For D-Link DSR-250N versions prior to 1.08B44, update the firmware to version 1.08B44 or later.
For D-Link DSR-500 versions prior to 1.08B77, update the firmware to version 1.08B77 or later.
For D-Link DSR-500N versions prior to 1.08B77, update the firmware to version 1.08B77 or later.
For D-Link DSR-1000 versions prior to 1.08B77, update the firmware to version 1.08B77 or later.
For D-Link DSR-1000N versions prior to 1.08B77, update the firmware to version 1.08B77 or later.

Exploit

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

BDU:2015-10247
CVE-2013-7005

Affected Products

Dsr-1000
Dsr-1000N
Dsr-150
Dsr-250
Dsr-250N
Dsr-500
Dsr-500N