Vulnerability Details CVE-2019-18852
Certain D-Link devices have a hardcoded Alphanetworks user account with TELNET access because of /etc/config/image_sign or /etc/alpha_config/image_sign. This affects DIR-600 B1 V2.01 for WW, DIR-890L A1 v1.03, DIR-615 J1 v100 (for DCN), DIR-645 A1 v1.03, DIR-815 A1 v1.01, DIR-823 A1 v1.01, and DIR-842 C1 v3.00.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 73.1%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
References
Products affected by CVE-2019-18852
-
cpe:2.3:h:dlink:dir-600_b1:-
-
cpe:2.3:h:dlink:dir-615_j1:-
-
cpe:2.3:h:dlink:dir-645_a1:-
-
cpe:2.3:h:dlink:dir-815_a1:-
-
cpe:2.3:h:dlink:dir-823_a1:-
-
cpe:2.3:h:dlink:dir-842_c1:-
-
cpe:2.3:h:dlink:dir-890l_a1:-
-
cpe:2.3:o:dlink:dir-600_b1_firmware:2.01
-
cpe:2.3:o:dlink:dir-615_j1_firmware:100
-
cpe:2.3:o:dlink:dir-645_a1_firmware:1.03
-
cpe:2.3:o:dlink:dir-815_a1_firmware:1.01
-
cpe:2.3:o:dlink:dir-823_a1_firmware:1.01
-
cpe:2.3:o:dlink:dir-842_c1_firmware:3.00
-
cpe:2.3:o:dlink:dir-890l_a1_firmware:1.03