← back
CVE-2011-4723

CVE-2011-4723

CVSS 5.7 MEDIUMEPSS 3.1%● KEVCWE-312
In short

The D-Link DIR-300 router saves user passwords in plain text instead of encrypting them. This means anyone who gains access to the router's files can easily read and steal these passwords.

Technical detail

The device fails to implement proper password storage mechanisms (CWE-312: Cleartext Storage of Sensitive Information), storing credentials in plaintext accessible through unspecified vectors. An attacker with local or remote access to configuration files can directly recover authentication credentials without cryptographic overhead.

Summary generated and translated by AI from the official description.
The D-Link DIR-300 router stores cleartext passwords, which allows context-dependent attackers to obtain sensitive information via unspecified vectors.
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://en.securitylab.ru/lab/PT-2011-30https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2011-4723