CVE-2018-18009

CRITICAL

D-Link DIR-140L and DIR-640L Firmware - Unauthenticated Hard-coded Credentials Exposure

Title source: llm
STIX 2.1

Description

dirary0.js on D-Link DIR-140L, DIR-640L devices allows remote unauthenticated attackers to discover admin credentials.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/106336
Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2018/Dec/46

Scores

CVSS v3 9.8
EPSS 0.0118
EPSS Percentile 78.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-798
Status published
Products (2)
dlink/dir-140l_firmware 1.02
dlink/dir-640l_firmware 1.01ru
Published Dec 21, 2018
Tracked Since Feb 18, 2026