Description
An issue was discovered in /bin/goahead on D-Link DIR-823G devices with firmware 1.02B03. There is incorrect access control allowing remote attackers to get sensitive information (such as MAC address) about all clients in the WLAN via the GetClientInfo HNAP API. Consequently, an attacker can achieve information disclosure without authentication.
References (2)
Core References
Exploit, Third Party Advisory x_refsource_misc
https://github.com/leonW7/D-Link/blob/master/Vul_3.md
Third Party Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/106852
Scores
CVSS v3: 7.5
EPSS: 0.0181
EPSS Percentile: 82.9%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE: CWE-200
Status: published
Products (1): dlink/dir-823g_firmware 1.02b03
Published: Feb 05, 2019
Tracked Since: Feb 18, 2026