D-Link: >> Dvg-N5402sp Firmware >> w2000en-00 Security Vulnerabilities
Directory traversal vulnerability in D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 allows remote attackers to read sensitive information via a .. (dot dot) in the errorpage parameter.
CVSS Score
7.5
EPSS Score
0.854
Published
2017-04-24
D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 has a default password of root for the root account and tw for the tw account, which makes it easier for remote attackers to obtain administrative access.
CVSS Score
9.8
EPSS Score
0.331
Published
2017-04-24
D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 discloses usernames, passwords, keys, values, and web account hashes (super and admin) in plaintext when running a configuration backup, which allows remote attackers to obtain sensitive information.
CVSS Score
9.8
EPSS Score
0.309
Published
2017-04-24