CVE-2011-4723 - The D-Link DIR-300 router stores cleartext passwords, which allows context-dependent attackers to ob

CVE-2011-4723

Summary

The D-Link DIR-300 router stores cleartext passwords, which allows context-dependent attackers to obtain sensitive information via unspecified vectors.

References

http://en.securitylab.ru/lab/PT-2011-30

Vulnerable Configurations

cpe:2.3:h:dlink:dir-300:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-300:*:*:*:*:*:*:*:*

CVSS

Base:	6.8 (as of 26-04-2023 - 18:55)
Impact:
Exploitability:

CWE

CWE-310

CAPEC

Signature Spoofing by Key Recreation
An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

Access

Vector	Complexity	Authentication
NETWORK	LOW	SINGLE

Impact

Confidentiality	Integrity	Availability
COMPLETE	NONE	NONE

cvss-vector via4

AV:N/AC:L/Au:S/C:C/I:N/A:N

refmap via4

misc

http://en.securitylab.ru/lab/PT-2011-30

Last major update

26-04-2023 - 18:55

Published

20-12-2011 - 11:55

Last modified

26-04-2023 - 18:55