D-Link DIR-300 Router Cleartext Storage of a Password Vulnerability

Technical Severity

MEDIUM

5.7 / 10

Minimal Risk Critical

Vector Specification

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitation Likelihood

12.73 %

Predictive Probability

Percentile Rank

93.8 th

Documented as more likely to be exploited than 93.8% of known CVEs.

Detection Date

Sep 08, 2022

Remediation Due

Sep 29, 2022

CISA Catalog Active

Threat Analysis

The D-Link DIR-300 router stores cleartext passwords, which allows context-dependent attackers to obtain sensitive information.

The impacted product is end-of-life and should be disconnected if still in use.

Vendor Identity

D-Link

Affected Product

DIR-300 Router

Ransomware Status

Campaign Use Unknown

Weakness Classification

CWE-310

https://www.dlink.com/uk/en/support/product/dir-300-wireless-g-router

National Vulnerability Database

https://nvd.nist.gov/vuln/detail/CVE-2011-4723