3 results (0.012 seconds)

CVSS: 7.5EPSS: 95%CPEs: 4EXPL: 3

Directory traversal vulnerability in D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 allows remote attackers to read sensitive information via a .. (dot dot) in the errorpage parameter. Vulnerabilidad de salto de directorio en DLink DVGN5402SP con firmware W1000CN00, W1000CN03 o W2000EN00 permite a atacantes remotos leer información sensible a través de un .. (punto punto) en el parámetro errorpage. D-Link DVG-N5402SP suffers from path traversal, weak credential management, and information leakage vulnerabilities. • https://www.exploit-db.com/exploits/39409 http://packetstormsecurity.com/files/135590/D-Link-DVG-N5402SP-Path-Traversal-Information-Disclosure.html http://seclists.org/fulldisclosure/2016/Feb/24 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 3

D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 has a default password of root for the root account and tw for the tw account, which makes it easier for remote attackers to obtain administrative access. DLink DVGN5402SP con firmware W1000CN00, W1000CN03 o W2000EN00 tiene una contraseña predeterminada de root para la cuenta root y tw para la cuenta tw, lo que hace más fácil a atacantes remotos obtener acceso administrativo. D-Link DVG-N5402SP suffers from path traversal, weak credential management, and information leakage vulnerabilities. • https://www.exploit-db.com/exploits/39409 http://packetstormsecurity.com/files/135590/D-Link-DVG-N5402SP-Path-Traversal-Information-Disclosure.html http://seclists.org/fulldisclosure/2016/Feb/24 • CWE-798: Use of Hard-coded Credentials •

CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 3

D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 discloses usernames, passwords, keys, values, and web account hashes (super and admin) in plaintext when running a configuration backup, which allows remote attackers to obtain sensitive information. DLink DVGN5402SP con firmware W1000CN00, W1000CN03 o W2000EN00 revela nombres de usuario, contraseñas, claves, valores y hashes de cuentas web (super y admin) en texto plano al ejecutar una copia de seguridad de configuración, lo que permite a atacantes remotos obtener información sensible. D-Link DVG-N5402SP suffers from path traversal, weak credential management, and information leakage vulnerabilities. • https://www.exploit-db.com/exploits/39409 http://packetstormsecurity.com/files/135590/D-Link-DVG-N5402SP-Path-Traversal-Information-Disclosure.html http://seclists.org/fulldisclosure/2016/Feb/24 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •