CVE-2018-20432

D-Link COVR-2600R and COVR-3902 Kit before 1.01b05Beta01 use hardcoded credentials for telnet connection, which allows unauthenticated attackers to gain privileged access to the router, and to extract sensitive data or modify the configuration.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:dlink:covr-2600r_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:covr-2600r:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:dlink:covr-3902_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:covr-3902:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-09-14 14:15

Updated : 2024-02-28 17:47


NVD link : CVE-2018-20432

Mitre link : CVE-2018-20432

CVE.ORG link : CVE-2018-20432


JSON object : View

Products Affected

dlink

  • covr-2600r
  • covr-3902
  • covr-3902_firmware
  • covr-2600r_firmware
CWE
CWE-798

Use of Hard-coded Credentials