PT-2024-7783 · D Link · D-Link Dir-823G
Published
2024-08-07
·
Updated
2024-09-10
·
CVE-2024-44408
CVSS v2.0
7.8
High
| Vector | AV:N/AC:L/Au:N/C:C/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
D-Link DIR-823G version 1.0.2B05 20181207
Description
The issue is related to insufficient protection of service data, allowing unauthorized configuration file downloads. These configuration files contain plaintext user passwords, which can be accessed by an attacker, potentially leading to information disclosure.
Recommendations
For D-Link DIR-823G version 1.0.2B05 20181207, consider restricting access to configuration files to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using or storing sensitive information, such as plaintext user passwords, in the configuration files.
Exploit
Fix
Missing Authorization
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
D-Link Dir-823G