PT-2018-3885 · D Link · D-Link Dir-809 Guest Zone+2
Published
2018-10-09
·
Updated
2023-04-26
·
CVE-2018-14080
CVSS v2.0
7.8
High
| Vector | AV:N/AC:L/Au:N/C:C/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
D-Link DIR-809 A1 versions 1.09 and earlier
D-Link DIR-809 A2 versions 1.11 and earlier
D-Link DIR-809 Guest Zone versions 1.09 and earlier
Description
An issue allows bypassing authentication mechanisms to download the configuration file. The vulnerability is related to deficiencies in the authentication procedure, which can be exploited by a remote attacker to bypass existing security restrictions and download the configuration file.
Recommendations
For D-Link DIR-809 A1 versions 1.09 and earlier, update to a version later than 1.09 to resolve the issue.
For D-Link DIR-809 A2 versions 1.11 and earlier, update to a version later than 1.11 to resolve the issue.
For D-Link DIR-809 Guest Zone versions 1.09 and earlier, update to a version later than 1.09 to resolve the issue.
As a temporary workaround, consider restricting access to the configuration file until a patch is available.
Fix
Improper Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
D-Link Dir-809 A1
D-Link Dir-809 A2
D-Link Dir-809 Guest Zone