Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
D-Link DSL-2875AL Password Disclosure Vulnerability
Information
Severity
Severity
Medium
Family
Family
Web application abuses
CVSSv2 Base
CVSSv2 Base
5.0
CVSSv2 Vector
CVSSv2 Vector
AV:N/AC:L/Au:N/C:P/I:N/A:N
Solution Type
Solution Type
Vendor Patch
Created
Created
4 years ago
Modified
Modified
4 years ago
Summary
D-Link DSL-2875AL is prone to a password disclosure vulnerability.
Insight
Insight
It is possible to acquire lots of information about all accounts and the network, including usernames and their passwords in plaintext by examining the response for /romfile.cfg.
Affected Software
Affected Software
D-Link DSL-2875AL firmware versions 1.00.01, 1.00.05 and most likely others.
Detection Method
Detection Method
Sends a crafted HTTP GET request and checks the response.
Solution
Solution
Update firmware to version 1.00.08AU 20161011 or later.