CVE: Common Vulnerabilities and Exposures

Required CVE Record Information

Description

An issue was discovered on D-Link DIR-890L with firmware 1.21B02beta01 and earlier, DIR-885L/R with firmware 1.21B03beta01 and earlier, and DIR-895L/R with firmware 1.21B04beta04 and earlier devices (all hardware revisions). Due to the predictability of the /docs/captcha_(number).jpeg URI, being local to the network, but unauthenticated to the administrator's panel, an attacker can disclose the CAPTCHAs used by the access point and can elect to load the CAPTCHA of their choosing, leading to unauthorized login attempts to the access point.

Product Status

Learn more

Information not provided

References 2 Total

https://securityadvisories.dlink.com/announcement/publication.aspx?name=SAP10099
external site
seclists.org: 20180702 CVE-2018-12103
external site
mailing-list

Updated: 2024-08-05

This container includes required additional information provided by the CVE Program for this vulnerability.

References 2 Total

https://securityadvisories.dlink.com/announcement/publication.aspx?name=SAP10099
external site
x_transferred
seclists.org: 20180702 CVE-2018-12103
external site
mailing-listx_transferred

Common vulnerabilities and Exposures (CVE)

Required CVE Record Information

CNA: MITRE Corporation

Description

Product Status

References 2 Total

CVE Program

References 2 Total