DLINK DPH-400SE - Exposure of Sensitive Information

vendor:

DPH-400SE

by:

tahaafarooq

5.5

CVSS

MEDIUM

Exposure of Sensitive Information

200

CWE

Product Name: DPH-400SE

Affected Version From: FRU2.2.15.8

Affected Version To: FRU2.2.15.8

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested: DLINK DPH-400SE (VoIP Phone)

2023

DLINK DPH-400SE – Exposure of Sensitive Information

With default credential for the guest user "guest:guest" to login on the web portal, the guest user can head to maintenance tab under access and modify the users which allows guest user to modify all users as well as view passwords for all users.

Mitigation:

Change the default guest credentials and ensure strong passwords are used for all users.

Source

Exploit-DB raw data:

# Exploit Title : DLINK DPH-400SE - Exposure of Sensitive Information
# Date : 25-08-2023
# Exploit Author : tahaafarooq
# Vendor Homepage : https://dlink.com/
# Version : FRU2.2.15.8
# Tested on: DLINK DPH-400SE (VoIP Phone)

Description:

With default credential for the guest user "guest:guest" to login on the web portal, the guest user can head to maintenance tab under access and modify the users which allows guest user to modify all users as well as view passwords for all users. For a thorough POC writeup visit: https://hackmd.io/@tahaafarooq/dlink-dph-400se-cwe-200

POC :

1. Login with the default guest credentials "guest:guest"
2. Access the Maintenance tab.
3. Under the maintenance tab, access the "Access" feature
4. On "Account Option" choose a user to modify, thus "Admin" and click modify.
5. Right click on the password, and click reveal, the password is then seen in plaintext.