CVE-2013-7005

D-Link DSR-150/250/500/1000 Firmware - Cleartext Password Storage in Configuration File

Title source: llm
STIX 2.1

Description

D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 stores account passwords in cleartext, which allows local users to obtain sensitive information by reading the Users[#]["Password"] fields in /tmp/teamf1.cfg.ascii.

References (1)

Core 1
Core References
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/30061

Scores

EPSS 0.0004
EPSS Percentile 11.1%

Details

CWE
CWE-200
Status published
Products (50)
dlink/dsr-1000
dlink/dsr-1000_firmware 1.01b50
dlink/dsr-1000_firmware 1.02b11
dlink/dsr-1000_firmware 1.02b25
dlink/dsr-1000_firmware 1.03b12
dlink/dsr-1000_firmware 1.03b23
dlink/dsr-1000_firmware 1.03b27
dlink/dsr-1000_firmware 1.03b36
dlink/dsr-1000_firmware 1.03b43
dlink/dsr-1000_firmware 1.04b58
... and 40 more
Published Dec 19, 2013
Tracked Since Feb 18, 2026