CVE-2018-20432

Published: Sep 14, 2020Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

D-Link COVR-2600R and COVR-3902 Kit before 1.01b05Beta01 use hardcoded credentials for telnet connection, which allows unauthenticated attackers to gain privileged access to the router, and to extract sensitive data or modify the configuration.

Affected (2)

Products: Dlink: Covr 2600r Firmware, Covr 3902 Firmware

Dlink

2 products

Covr 2600r Firmware

Covr 3902 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Covr 2600r Firmware	Up to 1.01b05

Running on/with	Platform Versions
Dlink Covr 2600r	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Covr 3902 Firmware	Up to 1.01b05

Running on/with	Platform Versions
Dlink Covr 3902	All versions

Related CWEs

CWE-798

Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

References (6)

http://packetstormsecurity.com/files/159058/COVR-3902-1.01B0-Hardcoded-Credentials.html

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

https://cybersecurityworks.com/zerodays/cve-2018-20432-dlink.html

Source: cve@mitre.org

ExploitThird Party Advisory

https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10109

Source: cve@mitre.org

PatchVendor Advisory

http://packetstormsecurity.com/files/159058/COVR-3902-1.01B0-Hardcoded-Credentials.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

https://cybersecurityworks.com/zerodays/cve-2018-20432-dlink.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10109

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.