Is CVE-2018-12103 actively exploited?

CVE-2018-12103 has no public evidence of in-the-wild exploitation as of 2024-11-21.

What is the CVSS score for CVE-2018-12103?

CVE-2018-12103 has a CVSS score of 6.5 (MEDIUM severity). Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N.

How do I patch CVE-2018-12103?

Patch guidance is available from dlink security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2018-12103.

CVE-2018-12103 - remediation guidance & executive summary

Q: Which products are affected by CVE-2018-12103?

3 products: dlink dir-890l firmware, d-link dir-885l\/r firmware, d-link dir-895l\/r firmware.

Description

An issue was discovered on D-Link DIR-890L with firmware 1.21B02beta01 and earlier, DIR-885L/R with firmware 1.21B03beta01 and earlier, and DIR-895L/R with firmware 1.21B04beta04 and earlier devices (all hardware revisions). Due to the predictability of the /docs/captcha_(number).jpeg URI, being local to the network, but unauthenticated to the administrator's panel, an attacker can disclose the CAPTCHAs used by the access point and can elect to load the CAPTCHA of their choosing, leading to unauthorized login attempts to the access point.

CVSS Metrics

Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Attack Vector: adjacent network
Complexity: low
Privileges: none
User Action: none
Scope: unchanged
Confidentiality: none
Integrity: high
Availability: none
Weaknesses: CWE-863 · Incorrect Authorization

Metadata

Primary Vendor: DLINK
Published: 7/5/2018
Last Modified: 11/21/2024
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

dlink : dir-890l_firmwared-link : dir-885l\/r_firmwared-link : dir-895l\/r_firmware

Remediation Guidance

Executive Summary

View on NIST NVD