Cyber Resilience

CVE-2011-4723

Medium · CISA KEV · Active Exploitation · EUVD Exploited

Published: 20 December 2011

Modified: 22 April 2026
KEV Added: 08 September 2022
Patch
CVSS Score v3.1: 5.7 (CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.1405 (94.5th percentile)
Risk Priority: 40 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2011-4723 is a medium-severity Cleartext Storage of Sensitive Information (CWE-312) vulnerability in D-Link DIR-300 firmware. Its CVSS base score is 5.7 (Medium).

Operationally, it is ranked in the top 5.5% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-28 (Protection of Information at Rest) and IA-5 (Authenticator Management).

Deeper analysis

The D-Link DIR-300 router is affected by CVE-2011-4723, a vulnerability in which the device stores passwords in cleartext. This issue is tracked under CWE-312 and received a CVSS 3.1 score of 5.7 with the vector AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N.

Context-dependent attackers can leverage the flaw to obtain sensitive credential information. The attack requires adjacent network access and low privileges but results in high impact to confidentiality.

One reference URL points to the CISA Known Exploited Vulnerabilities catalog entry for this CVE, indicating that the issue has been observed in real-world exploitation and should be prioritized for remediation on affected devices.

EU & UK References

Vulnerability details

The D-Link DIR-300 router stores cleartext passwords, which allows context-dependent attackers to obtain sensitive information via unspecified vectors.

CWE(s): CWE-312
KEV Date Added: 08 September 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

dlink · dir-300 firmware · all versions

Mitigating Controls (NIST 800-53 r5)

Prevent: Directly requires cryptographic protection of information at rest, eliminating the cleartext password storage flaw in the DIR-300.

Prevent: Mandates secure authenticator management practices that preclude storing passwords in plaintext on the device.

Prevent: Enforces access restrictions on the configuration store, limiting which processes or users can read the cleartext credentials.

References