CVE-2018-17881

On D-Link DIR-823G 2018-09-19 devices, the GoAhead configuration allows /HNAP1 SetPasswdSettings commands without authentication to trigger an admin password change.
References
Link Resource
https://xz.aliyun.com/t/2834#toc-5 Exploit Third Party Advisory
Configurations

Configuration 1


Information

Published : 2018-10-03 08:29

Updated : 2018-12-17 01:22


NVD link : CVE-2018-17881

Mitre link : CVE-2018-17881

Products Affected
CWE
CWE-640

Weak Password Recovery Mechanism for Forgotten Password