Zero Day MonitorZDM

← Back to list

—

CVE-2018-25358EXPLOITED

d-link · dir601

D-Link DIR601 2.02NA Credential Disclosure via my_cgi.cgi

Description

D-Link DIR601 2.02NA contains a credential disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive configuration data by manipulating the table_name parameter in POST requests. Attackers can send requests to /my_cgi.cgi with table_name values like admin_user, wireless_settings, and wireless_security to extract administrative credentials and wireless network keys in clear text.

Affected Products

Vendor	Product	Versions
d-link	dir601	0

References

https://www.exploit-db.com/exploits/45002(exploit)
http://ca.dlink.com/(product)
https://www.packetlabs.net(product)
http://support.dlink.ca/ProductInfo.aspx?m=DIR-601(product)
https://www.vulncheck.com/advisories/d-link-dir601-2-02na-credential-disclosure-via-my-cgi-cgi(third-party-advisory)

Related News (1 articles)

Tier C

VulDB2d ago

CVE-2018-25358 | D-Link DIR601NA up to 2.02 Setting /my_cgi.cgi table_name exposure of sensitive system information to an unauthorized control sphere (Exploit 45002 / EDB-45002)

→ No new info (linked only)

CISA KEV❌ No

Actively exploited✅ Yes

CWECWE-497

PublishedMay 23, 2026

Last enriched2d agov2

Trending Score38

Source articles1

Independent1

Info Completeness8/14

Missing: cvss, epss, kev, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

D-Link DSL2600U 'rom-0' Admin Password Disclosure

NONECVE-2026-8271

D-Link DNS-320 network_mgr.cgi cgi_upnp_edit os command injection

CRITICALCVE-2026-42376

D-Link DIR-456U A1 Hardcoded Telnet Backdoor Credentials

NONECVE-2026-8346

D-Link DIR-816 portForward command injection

NONECVE-2026-8344

D-Link DIR-816 formDMZ.cgi sub_445E7C command injection

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

May 23, 2026

Discovered by ZDM

May 23, 2026

Updated: description, severity, exploitAvailable, activelyExploited

May 24, 2026

Actively Exploited

May 26, 2026

Exploit Available

May 26, 2026

Version History

v2

Last enriched 2d ago

v2Tier C2d ago

Updated severity to CRITICAL, marked exploit as available, and provided a more detailed description of the vulnerability.

descriptionseverityexploitAvailableactivelyExploited

via VulDB

v13d ago

Initial creation