PT-2018-14244 · D Link+1 · D-Link Dir-823G+1
Hac425
·
Published
2018-10-03
·
Updated
2023-04-26
·
CVE-2018-17881
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
D-Link DIR-823G version 2018-09-19
Description
The issue allows unauthorized changes to the admin password through the GoAhead configuration, specifically by sending /HNAP1 SetPasswdSettings commands without proper authentication.
Recommendations
For D-Link DIR-823G version 2018-09-19, as a temporary workaround, consider restricting access to the GoAhead configuration to prevent unauthorized password changes until a patch is available.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
D-Link Dir-823G
Goahead