Описание
An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. It has a misconfigured FTP service that allows a malicious network user to access system folders and download sensitive files (such as the password hash file).
Ссылки
- ExploitThird Party Advisory
- Third Party Advisory
- ExploitThird Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до au_2.31_v1.1.47ae55 (исключая)
Одновременно
cpe:2.3:o:dlink:dsl2888a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dsl2888a:-:*:*:*:*:*:*:*
EPSS
Процентиль: 95%
0.1984
Средний
6.5 Medium
CVSS3
3.3 Low
CVSS2
Дефекты
CWE-427
Связанные уязвимости
CVSS3: 6.5
github
больше 3 лет назад
An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. It has a misconfigured FTP service that allows a malicious network user to access system folders and download sensitive files (such as the password hash file).
EPSS
Процентиль: 95%
0.1984
Средний
6.5 Medium
CVSS3
3.3 Low
CVSS2
Дефекты
CWE-427