CVE-2018-25358

Name of the Vulnerable Software and Affected Versions D-Link DIR601 version 2.02NA

Description A credential disclosure issue allows unauthenticated attackers to retrieve sensitive configuration data. By manipulating the table name parameter in POST requests sent to the '/my cgi.cgi' endpoint, attackers can extract administrative credentials and wireless network keys in clear text. Examples of values for the table name parameter include admin user, wireless settings, and wireless security.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.