Vulnerability Details CVE-2018-20432
D-Link COVR-2600R and COVR-3902 Kit before 1.01b05Beta01 use hardcoded credentials for telnet connection, which allows unauthenticated attackers to gain privileged access to the router, and to extract sensitive data or modify the configuration.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.165
EPSS Ranking 94.5%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
References
- http://packetstormsecurity.com/files/159058/COVR-3902-1.01B0-Hardcoded-Credentials.html
- https://cybersecurityworks.com/zerodays/cve-2018-20432-dlink.html
- https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10109
- http://packetstormsecurity.com/files/159058/COVR-3902-1.01B0-Hardcoded-Credentials.html
- https://cybersecurityworks.com/zerodays/cve-2018-20432-dlink.html
- https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10109
Products affected by CVE-2018-20432
-
cpe:2.3:h:dlink:covr-2600r:-
-
cpe:2.3:h:dlink:covr-3902:-
-
cpe:2.3:o:dlink:covr-2600r_firmware:-
-
cpe:2.3:o:dlink:covr-2600r_firmware:1.01b05
-
cpe:2.3:o:dlink:covr-3902_firmware:-
-
cpe:2.3:o:dlink:covr-3902_firmware:1.00b19
-
cpe:2.3:o:dlink:covr-3902_firmware:1.01b05