Vulnerability: D-Link DIR-868L/817LW - Information Disclosure

D-Link DIR-868L B1-2.03 and DIR-817LW A1-1.04 routers are vulnerable to information disclosure vulnerabilities because certain web interfaces do not require authentication. An attacker can get the router’s username and password (and other information) via a DEVICE.ACCOUNT value for SERVICES in conjunction with AUTHORIZED_GROUP=1%0a to getcfg.php. This could be used to control the router remotely.

Impact

An attacker can exploit this vulnerability to gain access to sensitive information, such as router configuration settings and credentials.

Severity

critical

Verified

Unknown