An issue was discovered on D-Link DIR-601 2.02NA devices. Being local
to the network and having only "User" account (which is a low
privilege account) access, an attacker can intercept the response from
a POST request to obtain "Admin" rights due to the admin password
being displayed in XML.

------------------------------------------

[Vulnerability Type]
Insecure Permissions

------------------------------------------

[VulnerabilityType Other]
Privilege Escalation

------------------------------------------

[Vendor of Product]
D-Link

------------------------------------------

[Affected Product Code Base]
DIR-601 - 2.02NA

------------------------------------------

[Attack Type]
Local

------------------------------------------

[Impact Escalation of Privileges]
true

------------------------------------------

[Impact Information Disclosure]
true

------------------------------------------

[Has vendor confirmed or acknowledged the vulnerability?]
true

------------------------------------------

[Discoverer]
Kevin Randall