An issue was discovered on D-Link DIR-601 2.02NA devices. An attacker who is local to the network and has access only to the User account (a low-privilege account) can intercept the response to a POST request and obtain Admin rights, because the admin password is displayed in the XML.
The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Dir-601_firmware | Dlink | 2.02na (including) | 2.02na (including) |
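
An added example, not part of the original advisory and not D-Link code: a regression check that a firmware QA or assessment team could run over XML response bodies captured from a low-privilege session, flagging credential-like elements that carry real values. The element names, namespace and sample body are constructed assumptions, since the advisory does not name the XML fields.

```python
import re
import xml.etree.ElementTree as ET

# Assumption: the advisory does not name the XML fields, so match on
# credential-like element names instead of one fixed tag.
CREDENTIAL_NAME = re.compile(r"pass(word|wd|phrase)?|secret|psk", re.IGNORECASE)
# A single repeated character ("********") is treated as a masked placeholder.
MASKED_VALUE = re.compile(r"^(.)\1*$")

# Constructed sample: body returned to a User-level session.
SAMPLE_LEAKY = """<?xml version="1.0"?>
<DeviceSettings xmlns="http://example.invalid/device">
  <DeviceName>router</DeviceName>
  <Accounts>
    <Account><Name>Admin</Name><Password>S3cret-Adm1n</Password></Account>
    <Account><Name>User</Name><Password>********</Password></Account>
  </Accounts>
</DeviceSettings>"""


def local_name(tag):
    """Drop the '{namespace}' prefix ElementTree puts on qualified tags."""
    return tag.rsplit("}", 1)[-1]


def audit_response(xml_body, session_role):
    """Return (element_path, value_length, session_role) per exposed credential.

    The value itself is never returned, so the audit log is not a second leak.
    """
    if "<!DOCTYPE" in xml_body.upper():
        raise ValueError("DTD present; refusing to parse device response")
    findings = []

    def walk(node, path):
        name = local_name(node.tag)
        here = f"{path}/{name}"
        value = (node.text or "").strip()
        if CREDENTIAL_NAME.search(name) and value and not MASKED_VALUE.match(value):
            findings.append((here, len(value), session_role))
        for child in node:
            walk(child, here)

    walk(ET.fromstring(xml_body), "")
    return findings


if __name__ == "__main__":
    print(audit_response(SAMPLE_LEAKY, "User"))
```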