Vulnerability Description
D-Link COVR-2600R and COVR-3902 Kit before 1.01b05Beta01 use hardcoded credentials for telnet connection, which allows unauthenticated attackers to gain privileged access to the router, and to extract sensitive data or modify the configuration.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dlink | Covr-2600R Firmware | <= 1.01b05 |
| Dlink | Covr-2600R | - |
| Dlink | Covr-3902 Firmware | <= 1.01b05 |
| Dlink | Covr-3902 | - |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/159058/COVR-3902-1.01B0-Hardcoded-CredentiaExploitThird Party AdvisoryVDB Entry
- https://cybersecurityworks.com/zerodays/cve-2018-20432-dlink.htmlExploitThird Party Advisory
- https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP1PatchVendor Advisory
- http://packetstormsecurity.com/files/159058/COVR-3902-1.01B0-Hardcoded-CredentiaExploitThird Party AdvisoryVDB Entry
- https://cybersecurityworks.com/zerodays/cve-2018-20432-dlink.htmlExploitThird Party Advisory
- https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP1PatchVendor Advisory
FAQ
What is CVE-2018-20432?
CVE-2018-20432 is a vulnerability with a CVSS score of 9.8 (CRITICAL). D-Link COVR-2600R and COVR-3902 Kit before 1.01b05Beta01 use hardcoded credentials for telnet connection, which allows unauthenticated attackers to gain privileged access to the router, and to extract...
How severe is CVE-2018-20432?
CVE-2018-20432 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2018-20432?
Check the references section above for vendor advisories and patch information. Affected products include: Dlink Covr-2600R Firmware, Dlink Covr-2600R, Dlink Covr-3902 Firmware, Dlink Covr-3902.