Public
- Public
- Network
- Groups
- Featured
- Popular
- People

Read this description. How would you classify this vulnerability? LAN-Side Unauthenticated Access to Management Features: Unauthenticated attackers on the same network can force the device to enable telnet service by accessing a specific URL and can log in using the hardcoded credentials obtained from reverse engineering and analyzing the firmware https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10398 Path traversal is correct! Good job

Download link

Read this description. How would you classify this vulnerability? LAN-Side Unauthenticated Access to Management Features: Unauthenticated attackers on the same network can force the device to enable telnet service by accessing a specific URL and can log in using the hardcoded credentials obtained from reverse engineering and analyzing the firmware https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10398 Path traversal is correct! Good job
https://mastodon.infrageeks.social/system/media_attachments/files/112/632/364/478/451/144/original/f71c265839d0a244.png

Notices where this attachment appears

Embed this notice
Erik Ableson (erik@mastodon.infrageeks.social)'s status on Tuesday, 18-Jun-2024 21:21:03 JST Erik Ableson

@thegrugq I believe that's the result of a limitation in the CVE categories. For some reason, nobody thought to include any of the following categories:
- 🤦 boneheaded default creds
- 🤞insufficiently obfuscated debug tool
- ☹️<insert state name> made us do this
- 🤨forgot to hook up auth mechanism
Who do we petition to get more granular CVE classification (with Emoji shortcuts)?
😁

In conversation about 7 months ago from mastodon.infrageeks.social permalink