Vulnerabilites related to d-link - dir-809_guestzone_firmware
Vulnerability from fkie_nvd
Published
2018-10-09 17:29
Modified
2024-11-21 03:48
Severity ?
Summary
An issue was discovered on D-Link DIR-809 A1 through 1.09, A2 through 1.11, and Guest Zone through 1.09 devices. Device passwords, such as the admin password and the WPA key, are stored in cleartext.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| d-link | dir-809_a1_firmware | * | |
| d-link | dir-809_a2_firmware | * | |
| d-link | dir-809_guestzone_firmware | * | |
| dlink | dir-809 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:d-link:dir-809_a1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DA79E6FC-1E52-4C38-88DB-B3A8D0567A1E",
"versionEndIncluding": "1.09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:d-link:dir-809_a2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DAB04A2F-EE93-453C-A953-0491908CA242",
"versionEndIncluding": "1.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:d-link:dir-809_guestzone_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "02C23BEA-B55D-41DF-A762-3B61752BA151",
"versionEndIncluding": "1.09",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-809:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9D348FC9-9375-4379-A631-C51A78F80D75",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on D-Link DIR-809 A1 through 1.09, A2 through 1.11, and Guest Zone through 1.09 devices. Device passwords, such as the admin password and the WPA key, are stored in cleartext."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en dispositivos D-Link DIR-809 A1 hasta la versi\u00f3n 1.09, A2 hasta la versi\u00f3n 1.11 y Guest Zone hasta la versi\u00f3n 1.09. Las contrase\u00f1as del dispositivo, como la contrase\u00f1a de administrador y la clave WPA, est\u00e1n almacenadas en texto claro."
}
],
"id": "CVE-2018-14081",
"lastModified": "2024-11-21T03:48:35.100",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-10-09T17:29:00.973",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://blog.nivel4.com/investigaciones/nuevas-vulnerabilidades-en-router-d-link-permiten-tomar-control-remoto-del-dispositivo/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://blog.nivel4.com/investigaciones/nuevas-vulnerabilidades-en-router-d-link-permiten-tomar-control-remoto-del-dispositivo/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-10-09 17:29
Modified
2024-11-21 03:48
Severity ?
Summary
An issue was discovered on D-Link DIR-809 A1 through 1.09, A2 through 1.11, and Guest Zone through 1.09 devices. One can bypass authentication mechanisms to download the configuration file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| d-link | dir-809_a1_firmware | * | |
| d-link | dir-809_a2_firmware | * | |
| d-link | dir-809_guestzone_firmware | * | |
| dlink | dir-809 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:d-link:dir-809_a1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DA79E6FC-1E52-4C38-88DB-B3A8D0567A1E",
"versionEndIncluding": "1.09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:d-link:dir-809_a2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DAB04A2F-EE93-453C-A953-0491908CA242",
"versionEndIncluding": "1.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:d-link:dir-809_guestzone_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "02C23BEA-B55D-41DF-A762-3B61752BA151",
"versionEndIncluding": "1.09",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dlink:dir-809:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9D348FC9-9375-4379-A631-C51A78F80D75",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on D-Link DIR-809 A1 through 1.09, A2 through 1.11, and Guest Zone through 1.09 devices. One can bypass authentication mechanisms to download the configuration file."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en dispositivos D-Link DIR-809 A1 hasta la versi\u00f3n 1.09, A2 hasta la versi\u00f3n 1.11 y Guest Zone hasta la versi\u00f3n 1.09. Se pueden omitir los mecanismos de autenticaci\u00f3n para descargar el archivo de configuraci\u00f3n."
}
],
"id": "CVE-2018-14080",
"lastModified": "2024-11-21T03:48:34.950",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-10-09T17:29:00.863",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://blog.nivel4.com/investigaciones/nuevas-vulnerabilidades-en-router-d-link-permiten-tomar-control-remoto-del-dispositivo/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://blog.nivel4.com/investigaciones/nuevas-vulnerabilidades-en-router-d-link-permiten-tomar-control-remoto-del-dispositivo/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2018-14081 (GCVE-0-2018-14081)
Vulnerability from cvelistv5
Published
2018-10-09 15:00
Modified
2024-08-05 09:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered on D-Link DIR-809 A1 through 1.09, A2 through 1.11, and Guest Zone through 1.09 devices. Device passwords, such as the admin password and the WPA key, are stored in cleartext.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:21:41.195Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.nivel4.com/investigaciones/nuevas-vulnerabilidades-en-router-d-link-permiten-tomar-control-remoto-del-dispositivo/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-10-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on D-Link DIR-809 A1 through 1.09, A2 through 1.11, and Guest Zone through 1.09 devices. Device passwords, such as the admin password and the WPA key, are stored in cleartext."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.nivel4.com/investigaciones/nuevas-vulnerabilidades-en-router-d-link-permiten-tomar-control-remoto-del-dispositivo/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14081",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on D-Link DIR-809 A1 through 1.09, A2 through 1.11, and Guest Zone through 1.09 devices. Device passwords, such as the admin password and the WPA key, are stored in cleartext."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.nivel4.com/investigaciones/nuevas-vulnerabilidades-en-router-d-link-permiten-tomar-control-remoto-del-dispositivo/",
"refsource": "MISC",
"url": "https://blog.nivel4.com/investigaciones/nuevas-vulnerabilidades-en-router-d-link-permiten-tomar-control-remoto-del-dispositivo/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-14081",
"datePublished": "2018-10-09T15:00:00",
"dateReserved": "2018-07-15T00:00:00",
"dateUpdated": "2024-08-05T09:21:41.195Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-14080 (GCVE-0-2018-14080)
Vulnerability from cvelistv5
Published
2018-10-09 15:00
Modified
2024-08-05 09:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered on D-Link DIR-809 A1 through 1.09, A2 through 1.11, and Guest Zone through 1.09 devices. One can bypass authentication mechanisms to download the configuration file.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:21:41.305Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.nivel4.com/investigaciones/nuevas-vulnerabilidades-en-router-d-link-permiten-tomar-control-remoto-del-dispositivo/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-10-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on D-Link DIR-809 A1 through 1.09, A2 through 1.11, and Guest Zone through 1.09 devices. One can bypass authentication mechanisms to download the configuration file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.nivel4.com/investigaciones/nuevas-vulnerabilidades-en-router-d-link-permiten-tomar-control-remoto-del-dispositivo/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14080",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on D-Link DIR-809 A1 through 1.09, A2 through 1.11, and Guest Zone through 1.09 devices. One can bypass authentication mechanisms to download the configuration file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.nivel4.com/investigaciones/nuevas-vulnerabilidades-en-router-d-link-permiten-tomar-control-remoto-del-dispositivo/",
"refsource": "MISC",
"url": "https://blog.nivel4.com/investigaciones/nuevas-vulnerabilidades-en-router-d-link-permiten-tomar-control-remoto-del-dispositivo/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-14080",
"datePublished": "2018-10-09T15:00:00",
"dateReserved": "2018-07-15T00:00:00",
"dateUpdated": "2024-08-05T09:21:41.305Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}