CVE-2018-5708

HIGH

D-Link DIR-601 B1 2.02NA - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2018-5708. PoCs published by Kevin Randall, KevinRandall1337.

AI-analyzed exploit summary This exploit demonstrates an unauthenticated information disclosure vulnerability in DLink DIR-601 routers, allowing an attacker to retrieve the admin username and password by manipulating POST requests to the router's CGI interface.

Description

An issue was discovered on D-Link DIR-601 B1 2.02NA devices. Being on the same local network as, but being unauthenticated to, the administrator's panel, a user can obtain the admin username and cleartext password in the response (specifically, the configuration file restore_default), which is displayed in XML.

Exploits (2)

exploitdb WORKING POC
by Kevin Randall · textwebappshardware
https://www.exploit-db.com/exploits/44388

This exploit demonstrates an unauthenticated information disclosure vulnerability in DLink DIR-601 routers, allowing an attacker to retrieve the admin username and password by manipulating POST requests to the router's CGI interface.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: DLink DIR-601 Firmware 2.02NA Hardware Version B1
No auth needed
Prerequisites: Local network access to the router · Ability to intercept and modify HTTP requests
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/44388/
Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2018/Mar/66

Scores

CVSS v3 8.0
EPSS 0.0633
EPSS Percentile 92.7%
Attack Vector ADJACENT_NETWORK
CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-522
Status published
Products (1)
dlink/dir-601_firmware 2.02na
Published Mar 30, 2018
Tracked Since Feb 18, 2026