CVE-2018-18009

EUVD-2018-9748
dirary0.js on D-Link DIR-140L, DIR-640L devices allows remote unauthenticated attackers to discover admin credentials.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 78%
Affected Products (NVD)
VendorProductVersion
dlinkdir-140l_firmware
1.02
dlinkdir-640l_firmware
1.01ru:ru
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://seclists.org/fulldisclosure/2018/Dec/46
http://www.securityfocus.com/bid/106336
http://seclists.org/fulldisclosure/2018/Dec/46
http://www.securityfocus.com/bid/106336