CVE-2018-12103

Severity Score

6.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

An issue was discovered on D-Link DIR-890L with firmware 1.21B02beta01 and earlier, DIR-885L/R with firmware 1.21B03beta01 and earlier, and DIR-895L/R with firmware 1.21B04beta04 and earlier devices (all hardware revisions). Due to the predictability of the /docs/captcha_(number).jpeg URI, being local to the network, but unauthenticated to the administrator's panel, an attacker can disclose the CAPTCHAs used by the access point and can elect to load the CAPTCHA of their choosing, leading to unauthorized login attempts to the access point.

Se ha detectado un fallo en D-Link DIR-890L, con versiones de firmware 1.21B02beta01 y anteriores, en DIR-885L/R, con versiones de firmware 1.21B03beta01 y anteriores, y en DIR-895L/R, con versiones de firmware 1.21B04beta04 y anteriores (en todas las revisiones de hardware). Debido a la previsibilidad del URI /docs/captcha_(number).jpeg, siendo ésta local a la red pero autenticada en el panel de administrador, un atacante puede divulgar los CAPTCHA utilizados por el punto de acceso y puede elegir que se cargue el CAPTCHA de su elección. Esto conduce a intentos de inicio de sesión no autorizados a dicho punto de acceso.

*Credits: N/A

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

None

Attack Vector

Adjacent

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2018-06-11 CVE Reserved
2018-07-02 CVE Published
2024-05-14 EPSS Updated
2024-08-05 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-863: Incorrect Authorization

CAPEC

References (2)

URL	Tag	Source
http://seclists.org/fulldisclosure/2018/Jul/13	Mailing List

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://securityadvisories.dlink.com/announcement/publication.aspx?name=SAP10099	2023-04-26

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Dlink Search vendor "Dlink"	Dir-890l Firmware Search vendor "Dlink" for product "Dir-890l Firmware"	<= 1.21b02beta01 Search vendor "Dlink" for product "Dir-890l Firmware" and version " <= 1.21b02beta01"	-	Affected	in	Dlink Search vendor "Dlink"	Dir-890l Search vendor "Dlink" for product "Dir-890l"	-	-	Safe
D-link Search vendor "D-link"	Dir-885l\/r Firmware Search vendor "D-link" for product "Dir-885l\/r Firmware"	<= 1.21b03beta01 Search vendor "D-link" for product "Dir-885l\/r Firmware" and version " <= 1.21b03beta01"	-	Affected	in	D-link Search vendor "D-link"	Dir-885\/r Search vendor "D-link" for product "Dir-885\/r"	-	-	Safe
D-link Search vendor "D-link"	Dir-895l\/r Firmware Search vendor "D-link" for product "Dir-895l\/r Firmware"	<= 1.21b04beta01 Search vendor "D-link" for product "Dir-895l\/r Firmware" and version " <= 1.21b04beta01"	-	Affected	in	D-link Search vendor "D-link"	Dir-895\/r Search vendor "D-link" for product "Dir-895\/r"	-	-	Safe