D-Link DSR-500N version 1.02 contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file.If an attacker succeeds in recovering the cleartext password of the identified hash value, he will be able to log in via SSH or Telnet and thus gain access to the underlying embedded Linux operating system on the device. Fixed in version 2.12/2. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HDlink Dsr 500n
HWDlinkwszystkie wersjeDlink Dsr 500n Firmware
OSDlink1.02
Powiązane podatności
Multiple SQL injection vulnerabilities in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware ...
An issue was discovered on D-Link DSR-250 3.17 devices. Certain functionality in the Unified Services Router w...
A lack of input validation and access controls in Lua CGIs on D-Link DSR VPN routers may result in arbitrary i...
An issue was discovered on D-Link DSR-250 3.17 devices. Insufficient validation of configuration file checksum...
The runShellCmd function in systemCheck.htm in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firm...