CVE-2018-25358: D-Link DIR601 2.02NA Credential Disclosure via my_cgi.cgi
D-Link DIR601 2.02NA contains a credential disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive configuration data by manipulating the table_name parameter in POST requests. Attackers can send requests to /my_cgi.cgi with table_name values like admin_user, wireless_settings, and wireless_security to extract administrative credentials and wireless network keys in clear text.
Security readout for executives and security teams
An older D-Link DIR-601 home router version 2.02NA leaks its own admin username, password, and Wi-Fi keys to anyone who can reach its web interface. No login is required. If the router's admin page is exposed to the internet or an untrusted network, an attacker can read those secrets and take over the router or the Wi-Fi network. Exposure is limited to organizations or households still running the legacy D-Link DIR-601 with firmware 2.02NA. Risk rises sharply when the router's management interface is reachable from the WAN or from any untrusted LAN segment. Public exploit code exists (ExploitDB 45002), so opportunistic scanning is plausible. Moderate business urgency: only relevant if this legacy D-Link model is still in use. Where it is, treat it as high priority because credentials are leaked without authentication and the device appears unsupported. Plan replacement rather than patching. Mitigation focus: Restrict router management to the LAN and disable remote/WAN administration.; Replace the DIR-601 with a currently supported router, as the device is end-of-life.; Check D-Link support pages for any firmware or advisory updates before relying on the device..
Prepared
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cwe · low confidence lookup
CWE-497: Exact CWE lookup
Use the exact CWE identifier as the starting point before reviewing related ATT&CK behavior. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.
The CVE wording references authentication or credential exposure, so valid-account and credential-access review may help. This is a Glexia inferred lookup path, not an official MITRE, ATT&CK, or CVE Program mapping.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.