Plaintext Disclosure of Sensitive Information in D-Link DVG-N5402SP Configuration Backup

CVE-2015-7247 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:N/A:N

D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 discloses usernames, passwords, keys, values, and web account hashes (super and admin) in plaintext when running a configuration backup, which allows remote attackers to obtain sensitive information.

Learn more about our Web App Pen Testing.