PatchSiren cyber security CVE debrief
CVE-2018-25358 D-Link CVE debrief
CVE-2018-25358 documents an unauthenticated credential disclosure vulnerability in D-Link DIR-601 firmware version 2.02NA. The flaw resides in the /my_cgi.cgi endpoint, which accepts a table_name parameter that can be manipulated to extract sensitive configuration data without authentication. Affected parameters include admin_user, wireless_settings, and wireless_security, which return administrative credentials and wireless encryption keys in cleartext. The vulnerability was published to CVE on 23 May 2026 and last modified on 26 May 2026, with NVD status listed as Awaiting Analysis at time of source capture. The CVSS 4.0 vector indicates network attack vector with low attack complexity, no privileges required, and high confidentiality impact to the vulnerable component. This represents a critical exposure for affected deployments as it enables complete administrative compromise and wireless network key extraction without any prior access.
- Vendor
- D-Link
- Product
- DIR-601
- CVSS
- HIGH 8.7
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-05-23
- Original CVE updated
- 2026-05-26
- Advisory published
- 2026-05-23
- Advisory updated
- 2026-05-26
Who should care
Network administrators managing D-Link consumer/SMB gateway deployments; security teams responsible for IoT and network infrastructure asset inventory; incident responders investigating potential credential compromise in environments with D-Link equipment
Technical summary
The /my_cgi.cgi endpoint in D-Link DIR-601 2.02NA fails to enforce authentication before processing table_name parameter queries. Attackers can enumerate sensitive configuration tables including admin_user (administrative credentials), wireless_settings (network configuration), and wireless_security (encryption keys). The endpoint returns this data in cleartext HTTP responses, enabling complete device compromise without authentication barriers. This is a classic insecure direct object reference (IDOR) pattern in embedded web management interfaces.
Defensive priority
critical
Recommended defensive actions
- Immediately inventory all D-Link DIR-601 devices running firmware 2.02NA or earlier
- Restrict network access to device management interfaces to trusted administrative segments only
- Monitor for unauthorized POST requests to /my_cgi.cgi with table_name parameters
- Apply vendor firmware updates when available or replace affected end-of-life hardware
- Rotate all administrative credentials and wireless network keys on affected devices
- Implement network segmentation to isolate IoT/gateway devices from critical infrastructure
Evidence notes
Vulnerability confirmed through [email protected] advisory with Exploit-DB reference 45002. CWE-497 (Exposure of Sensitive System Information to an Unauthorized Actor) assigned. D-Link Canada support domain and product page referenced as vendor resources. PacketLabs and VulnCheck credited for research coordination.
Official resources
unauthenticated_credential_disclosure