OpenCVE

An issue was discovered on D-Link DIR-890L with firmware 1.21B02beta01 and earlier, DIR-885L/R with firmware 1.21B03beta01 and earlier, and DIR-895L/R with firmware 1.21B04beta04 and earlier devices (all hardware revisions). Due to the predictability of the /docs/captcha_(number).jpeg URI, being local to the network, but unauthenticated to the administrator's panel, an attacker can disclose the CAPTCHAs used by the access point and can elect to load the CAPTCHA of their choosing, leading to unauthorized login attempts to the access point.

No CVSS v4.0

No CVSS v3.1

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:A/AC:L/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
D-link	Dir-885\/r Dir-885l\/r Firmware Dir-895\/r Dir-895l\/r Firmware
Dlink	Dir-890l Dir-890l Firmware

Configuration 1 [-]

AND

cpe:2.3:o:dlink:dir-890l_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dir-890l:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:d-link:dir-885l\/r_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:d-link:dir-885\/r:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:d-link:dir-895l\/r_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:d-link:dir-895\/r:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://seclists.org/fulldisclosure/2018/Jul/13
https://securityadvisories.dlink.com/announcement/publication.aspx?name=SAP10099

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2018-07-05T20:00:00

Updated: 2024-08-05T08:24:03.699Z

Reserved: 2018-06-11T00:00:00

Link: CVE-2018-12103

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2018-07-05T20:29:00.433

Modified: 2023-04-26T19:27:52.350

Link: CVE-2018-12103

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-06-23T00:00:00", "descriptions": [{"lang": "en", "value": "An issue was discovered on D-Link DIR-890L with firmware 1.21B02beta01 and earlier, DIR-885L/R with firmware 1.21B03beta01 and earlier, and DIR-895L/R with firmware 1.21B04beta04 and earlier devices (all hardware revisions). Due to the predictability of the /docs/captcha_(number).jpeg URI, being local to the network, but unauthenticated to the administrator's panel, an attacker can disclose the CAPTCHAs used by the access point and can elect to load the CAPTCHA of their choosing, leading to unauthorized login attempts to the access point."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-03-12T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://securityadvisories.dlink.com/announcement/publication.aspx?name=SAP10099"}, {"name": "20180702 CVE-2018-12103", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2018/Jul/13"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-12103", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered on D-Link DIR-890L with firmware 1.21B02beta01 and earlier, DIR-885L/R with firmware 1.21B03beta01 and earlier, and DIR-895L/R with firmware 1.21B04beta04 and earlier devices (all hardware revisions). Due to the predictability of the /docs/captcha_(number).jpeg URI, being local to the network, but unauthenticated to the administrator's panel, an attacker can disclose the CAPTCHAs used by the access point and can elect to load the CAPTCHA of their choosing, leading to unauthorized login attempts to the access point."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://securityadvisories.dlink.com/announcement/publication.aspx?name=SAP10099", "refsource": "CONFIRM", "url": "https://securityadvisories.dlink.com/announcement/publication.aspx?name=SAP10099"}, {"name": "20180702 CVE-2018-12103", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2018/Jul/13"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T08:24:03.699Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://securityadvisories.dlink.com/announcement/publication.aspx?name=SAP10099"}, {"name": "20180702 CVE-2018-12103", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2018/Jul/13"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-12103", "datePublished": "2018-07-05T20:00:00", "dateReserved": "2018-06-11T00:00:00", "dateUpdated": "2024-08-05T08:24:03.699Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dlink:dir-890l_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "5CFC03E5-D6C8-43CD-BD7B-9D15585CEF27", "versionEndIncluding": "1.21b02beta01", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dlink:dir-890l:-:*:*:*:*:*:*:*", "matchCriteriaId": "B1EA89C7-4655-43A3-9D2B-D57640D56C09", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:d-link:dir-885l\\/r_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C8174965-65C2-4C75-90A3-CC4E00AE6E4F", "versionEndIncluding": "1.21b03beta01", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:d-link:dir-885\\/r:-:*:*:*:*:*:*:*", "matchCriteriaId": "99E52143-C51C-4421-869A-A28A558888EF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:d-link:dir-895l\\/r_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D98B9837-9A7A-4B86-8C8F-FAE1EA7FDE55", "versionEndIncluding": "1.21b04beta01", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:d-link:dir-895\\/r:-:*:*:*:*:*:*:*", "matchCriteriaId": "B22F5799-66EB-4C0F-8071-9DB6EF10DE62", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered on D-Link DIR-890L with firmware 1.21B02beta01 and earlier, DIR-885L/R with firmware 1.21B03beta01 and earlier, and DIR-895L/R with firmware 1.21B04beta04 and earlier devices (all hardware revisions). Due to the predictability of the /docs/captcha_(number).jpeg URI, being local to the network, but unauthenticated to the administrator's panel, an attacker can disclose the CAPTCHAs used by the access point and can elect to load the CAPTCHA of their choosing, leading to unauthorized login attempts to the access point."}, {"lang": "es", "value": "Se ha detectado un fallo en D-Link DIR-890L, con versiones de firmware 1.21B02beta01 y anteriores, en DIR-885L/R, con versiones de firmware 1.21B03beta01 y anteriores, y en DIR-895L/R, con versiones de firmware 1.21B04beta04 y anteriores (en todas las revisiones de hardware). Debido a la previsibilidad del URI /docs/captcha_(number).jpeg, siendo \u00e9sta local a la red pero autenticada en el panel de administrador, un atacante puede divulgar los CAPTCHA utilizados por el punto de acceso y puede elegir que se cargue el CAPTCHA de su elecci\u00f3n. Esto conduce a intentos de inicio de sesi\u00f3n no autorizados a dicho punto de acceso."}], "id": "CVE-2018-12103", "lastModified": "2023-04-26T19:27:52.350", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 3.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:A/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-07-05T20:29:00.433", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2018/Jul/13"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://securityadvisories.dlink.com/announcement/publication.aspx?name=SAP10099"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "nvd@nist.gov", "type": "Primary"}]}