CVE-2018-25358 in DIR601NA
Summary
by MITRE • 05/23/2026
D-Link DIR601 2.02NA contains a credential disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive configuration data by manipulating the table_name parameter in POST requests. Attackers can send requests to /my_cgi.cgi with table_name values like admin_user, wireless_settings, and wireless_security to extract administrative credentials and wireless network keys in clear text.
VulDB is the best source for vulnerability data and more expert information about this specific topic.
Analysis
by VulDB Data Team • 05/24/2026
The D-Link DIR601 router model running firmware version 2.02NA presents a critical credential disclosure vulnerability that compromises the security posture of network infrastructure. This vulnerability stems from insufficient input validation within the web interface's configuration management component, specifically affecting the /my_cgi.cgi endpoint that processes POST requests containing table_name parameters. The flaw enables unauthenticated attackers to bypass normal access controls and directly retrieve sensitive configuration data without requiring legitimate credentials or administrative privileges.
The technical implementation of this vulnerability resides in the router's web server handling of dynamic table name parameters within the configuration API. When attackers submit POST requests to the /my_cgi.cgi endpoint with manipulated table_name values such as admin_user, wireless_settings, and wireless_security, the system fails to properly validate or sanitize the input parameters. This lack of input sanitization creates a path traversal condition where the application directly uses the supplied parameter values to construct database queries or file access operations. The vulnerability aligns with CWE-20, which describes improper input validation, and represents a classic example of insecure direct object reference that allows unauthorized data access.
The operational impact of this vulnerability extends beyond simple credential theft to encompass complete network compromise. Attackers can extract administrative usernames and passwords, wireless network keys, and other sensitive configuration parameters in clear text format, providing them with full access to the router's management interface and underlying network configuration. This exposure enables attackers to modify router settings, disable security features, redirect traffic, or establish persistent access points within the network. The vulnerability's severity is amplified by its unauthenticated nature, meaning that any attacker with network access can exploit it without prior authentication, making it particularly dangerous in environments where routers are exposed to untrusted networks or where physical access is possible.
The attack vector for this vulnerability operates through standard network protocols and requires minimal technical expertise to exploit. An attacker only needs to send crafted POST requests to the router's web interface, making the attack surface accessible through web browsers, automated scanning tools, or custom scripts. The lack of authentication requirements and the clear text transmission of sensitive data means that even basic network monitoring tools can capture the extracted credentials. This vulnerability directly maps to several ATT&CK techniques including T1566 for credential access through network infrastructure and T1071 for application layer protocols, demonstrating how router security flaws can enable broader attack chains. Organizations should implement immediate mitigations including firmware updates from D-Link, network segmentation to isolate affected devices, and monitoring for suspicious traffic patterns. The vulnerability underscores the critical importance of input validation in web applications and highlights the need for robust authentication mechanisms in network infrastructure devices to prevent unauthorized access to sensitive configuration data.