PT-2018-3893 · D Link · D-Link Dir-809 Guest Zone+2
Published
2018-10-09
·
Updated
2023-04-26
·
CVE-2018-14081
CVSS v3.1
10
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
D-Link DIR-809 A1 versions 1.09 and earlier
D-Link DIR-809 A2 versions 1.11 and earlier
D-Link DIR-809 Guest Zone versions 1.09 and earlier
Description
The issue concerns the storage of device passwords, including the admin password and the WPA key, in cleartext. This is related to insufficient protection of registration data, which could allow a remote attacker to disclose protected information.
Recommendations
For D-Link DIR-809 A1 versions 1.09 and earlier, update the firmware to a version that stores passwords securely.
For D-Link DIR-809 A2 versions 1.11 and earlier, update the firmware to a version that stores passwords securely.
For D-Link DIR-809 Guest Zone versions 1.09 and earlier, update the firmware to a version that stores passwords securely.
As a temporary workaround, consider changing the admin password and the WPA key to minimize the risk of exploitation.
Fix
Insufficiently Protected Credentials
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
D-Link Dir-809 A1
D-Link Dir-809 A2
D-Link Dir-809 Guest Zone