CVE-2024-44408
HIGHD-Link DIR-823G v1.0.2B05_20181207 - Unauthenticated Information Disclosure via Configuration File Download
Title source: llmDescription
D-Link DIR-823G v1.0.2B05_20181207 is vulnerable to Information Disclosure. The device allows unauthorized configuration file downloads, and the downloaded configuration files contain plaintext user passwords.
References (2)
Core 2
Core References
Third Party Advisory
https://github.com/lonelylonglong/openfile-/blob/main/DIR-823G.md/CVE-2024-44408
Exploit, Third Party Advisory
https://github.com/lonelylonglong/openfile-/blob/main/DIR-823G.md/DIR-823G.md
Scores
CVSS v3
7.5
EPSS
0.0063
EPSS Percentile
45.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-200
CWE-862
Status
published
Products (1)
dlink/dir-823g_firmware
1.0.2b05_20181207
Published
Sep 06, 2024
Tracked Since
Feb 18, 2026