[Suggested description]
An issue was discovered on D-Link DIR-890L A2 devices.
Due to the predictability of the /docs/captcha_(number).jpeg URI,
being local to the network, but unauthenticated to the administrator's
panel, an attacker can disclose the CAPTCHAs used by the access point
and can elect to load the CAPTCHA of their choosing, leading to
unauthorized login attempts to the access point.

------------------------------------------

[Vulnerability Type]
Incorrect Access Control

------------------------------------------

[Vendor of Product]
D-Link

------------------------------------------

[Affected Product Code Base]
DIR-890L - A2

------------------------------------------

[Affected Component]
Due to the predictability in the /docs/captcha_(number).jpeg while
loading the CAPTCHA, an attacker can change the CAPTCHA to load and
can load the same CAPTCHA each time.

------------------------------------------

[Attack Type]
Local

------------------------------------------

[Impact Information Disclosure]
true

------------------------------------------

[CVE Impact Other]
Predictability of CAPTCHA resulting in unauthorized login attempts to the
access point

------------------------------------------

[Attack Vectors]
An attacker must be local to the network but unauthenticated to the
administrator's panel.

------------------------------------------

[Has vendor confirmed or acknowledged the vulnerability?]
true

------------------------------------------

[Discoverer]
Kevin Randall