PT-2017-7751 · D Link · D-Link Dcs-1100

Bruno Morisson

Published

2017-01-09

Updated

2023-04-26

CVE-2016-10125

CVSS v3.1

8.1

High

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions D-Link DGS-1100 devices with Rev.B firmware version 1.01.018

Description The issue concerns a hardcoded SSL private key, which enables man-in-the-middle attackers to spoof devices by hijacking an HTTPS session.

Recommendations For D-Link DGS-1100 devices with Rev.B firmware version 1.01.018, consider disabling HTTPS until a patch or firmware update is available to prevent man-in-the-middle attacks.

Exploit

Fix

Using Hardcoded Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-798

Related Identifiers

CVE-2016-10125

Affected Products

D-Link Dcs-1100

PT-2017-7751 · D Link · D-Link Dcs-1100

CVE-2016-10125

Weakness Enumeration

Related Identifiers

Affected Products

References · 4