PT-2018-2189 · D-Link · DCM-704 +1

Published: 2018-12-23 · Updated: 2023-04-26 · CVE-2018-20389

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

D-Link DCM-604 version DCM604 C1 ViaCabo 1.04 20130606
D-Link DCM-704 version EU DCM-704 1.10

Description

The issue is related to a lack of protection for service data in the web interface of D-Link router firmware. A remote attacker can exploit it to disclose protected information using a specially crafted SNMP request. The vulnerability allows attackers to discover credentials via specific SNMP requests, including iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0.

Recommendations

For D-Link DCM-604 version DCM604 C1 ViaCabo 1.04 20130606, consider restricting access to the SNMP service to minimize the risk of exploitation. For D-Link DCM-704 version EU DCM-704 1.10, avoid using the vulnerable SNMP requests iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 until the issue is resolved.

Insufficiently Protected Credentials

Information Disclosure

Weakness Enumeration

Related Identifiers

BDU:2019-00142
CVE-2018-20389

Affected Products

DCM-604
DCM-704