CVE-2018-20432

D-Link COVR-2600R and COVR-3902 Kit before 1.01b05Beta01 use hardcoded credentials for telnet connection, which allows unauthenticated attackers to gain privileged access to the router, and to extract sensitive data or modify the configuration.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:dlink:covr-2600r_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:covr-2600r:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:dlink:covr-3902_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:covr-3902:-:*:*:*:*:*:*:*

History

21 Nov 2024, 04:01

Type Values Removed Values Added
References () http://packetstormsecurity.com/files/159058/COVR-3902-1.01B0-Hardcoded-Credentials.html - Exploit, Third Party Advisory, VDB Entry () http://packetstormsecurity.com/files/159058/COVR-3902-1.01B0-Hardcoded-Credentials.html - Exploit, Third Party Advisory, VDB Entry
References () https://cybersecurityworks.com/zerodays/cve-2018-20432-dlink.html - Exploit, Third Party Advisory () https://cybersecurityworks.com/zerodays/cve-2018-20432-dlink.html - Exploit, Third Party Advisory
References () https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10109 - Patch, Vendor Advisory () https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10109 - Patch, Vendor Advisory

Information

Published : 2020-09-14 14:15

Updated : 2024-11-21 04:01


NVD link : CVE-2018-20432

Mitre link : CVE-2018-20432

CVE.ORG link : CVE-2018-20432


JSON object : View

Products Affected

dlink

  • covr-2600r
  • covr-2600r_firmware
  • covr-3902
  • covr-3902_firmware
CWE
CWE-798

Use of Hard-coded Credentials