What is GHSA-6w5x-hr69-xx7v?

GHSA-6w5x-hr69-xx7v is a security advisory published by GitHub Security Advisories with High severity. D-Link DIR601 2.02NA contains a credential disclosure vulnerability that allows unauthenticated...

Which CVE IDs does GHSA-6w5x-hr69-xx7v cover?

GHSA-6w5x-hr69-xx7v covers the following CVE IDs: CVE-2018-25358. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-6w5x-hr69-xx7v?

GHSA-6w5x-hr69-xx7v has a CVSS v3 base score of 7.5, published by GitHub Security Advisories.

GHSA-6w5x-hr69-xx7vHighCVSS 7.5

D-Link DIR601 2.02NA contains a credential disclosure vulnerability that allows unauthenticated...

Vendor

GitHub Security Advisories

Published

May 26, 2026

Last Modified

May 26, 2026

🔗 CVE IDs covered (1)

CVE-2018-25358 →

📋 Description

D-Link DIR601 2.02NA contains a credential disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive configuration data by manipulating the table_name parameter in POST requests. Attackers can send requests to /my_cgi.cgi with table_name values like admin_user, wireless_settings, and wireless_security to extract administrative credentials and wireless network keys in clear text.

🔗 References (7)

https://nvd.nist.gov/vuln/detail/CVE-2018-25358
https://www.exploit-db.com/exploits/45002
https://www.packetlabs.net
https://www.vulncheck.com/advisories/d-link-dir601-2-02na-credential-disclosure-via-my-cgi-cgi
http://ca.dlink.com
http://support.dlink.ca/ProductInfo.aspx?m=DIR-601
https://github.com/advisories/GHSA-6w5x-hr69-xx7v