PT-2018-14243 · D Link+1 · D-Link Dir-823G+1
Published
2018-10-03
·
Updated
2023-04-26
·
CVE-2018-17880
CVSS v2.0
7.8
High
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
D-Link DIR-823G version 2018-09-19
Description
The issue concerns the GoAhead configuration on the affected device, which allows the "/HNAP1" API endpoint to execute "RunReboot" commands without requiring authentication, thereby triggering a reboot.
Recommendations
For D-Link DIR-823G version 2018-09-19, as a temporary workaround, consider disabling the "/HNAP1" API endpoint or restricting access to it until a patch is available to prevent unauthorized reboots.
Exploit
Fix
Missing Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
D-Link Dir-823G
Goahead