D-Link DSL-2875AL Password Disclosure Vulnerability

Published: 2019-09-25 10:50:05

CVSS Base Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Detection Type:
Remote Vulnerability

Solution Type:
Vendor Patch

Summary:
D-Link DSL-2875AL is prone to a password disclosure vulnerability.

Detection Method:
Sends a crafted HTTP GET request and checks the response.

Technical Details:
The response for /romfile.cfg discloses extensive information about all accounts and the network, including usernames and their passwords in plaintext.

Affected Versions:
D-Link DSL-2875AL firmware versions 1.00.01, 1.00.05 and most likely others.

Recommendations:
Update firmware to version 1.00.08AU 20161011 or later.

References:

https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=26165

Severity:
Medium

CVSS Score:
5.0