CVE-2018-12710

Name of the Vulnerable Software and Affected Versions D-Link DIR-601 version 2.02NA

Description An issue allows an attacker with low privilege "User" account access to intercept the response from a POST request and obtain "Admin" rights due to the admin password being displayed in XML. The vulnerability is related to the transmission of critical information in plain text, which can be exploited by a remote attacker to elevate their privileges.

Recommendations For D-Link DIR-601 version 2.02NA, as a temporary workaround, consider restricting access to the affected POST request endpoint until a patch is available. Avoid using the device with low privilege accounts until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.