PT-2017-7166 · D Link · Dvg-N5402Sp
Karn Ganeshen
·
Published
2017-04-24
·
Updated
2023-04-26
·
CVE-2015-7247
CVSS v2.0
7.8
High
| Vector | AV:N/AC:L/Au:N/C:C/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
D-Link DVG-N5402SP versions W1000CN-00, W1000CN-03, W2000EN-00
Description
The issue allows remote attackers to obtain sensitive information, including usernames, passwords, keys, values, and web account hashes for super and admin accounts, when a configuration backup is run. This information is disclosed in plaintext.
Recommendations
For D-Link DVG-N5402SP with firmware W1000CN-00, consider updating to a newer version that addresses this issue.
For D-Link DVG-N5402SP with firmware W1000CN-03, consider updating to a newer version that addresses this issue.
For D-Link DVG-N5402SP with firmware W2000EN-00, consider updating to a newer version that addresses this issue.
Exploit
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Dvg-N5402Sp