D-Link DCM-604 and DCM-704 Vulnerability [ CVE-2018-20445]
CVE Number – CVE-2018-20445
A vulnerability, which was classified as problematic, has been found in D-Link DCM-604 and DCM-704 (unknown version). This issue affects some functionality. The manipulation as part of a SNMP Request leads to a information disclosure vulnerability (Credentials). Using CWE to declare the problem leads to CWE-200. Impacted is confidentiality.
The weakness was published 12/25/2018. The identification of this vulnerability is CVE-2018-20445 since 12/25/2018. The attack may be initiated remotely. Neither technical details nor an exploit are publicly available. The price for an exploit might be around USD $5k-$25k at the moment (estimation calculated on 12/26/2018).
At the time of publication there is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.
Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.