Vulnerability Details : CVE-2018-20432
Potential exploit
D-Link COVR-2600R and COVR-3902 Kit before 1.01b05Beta01 use hardcoded credentials for telnet connection, which allows unauthenticated attackers to gain privileged access to the router, and to extract sensitive data or modify the configuration.
Products affected by CVE-2018-20432
- cpe:2.3:o:dlink:covr-2600r_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dlink:covr-3902_firmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-20432
- 16.53%: Probability of exploitation activity in the next 30 days
- ~94%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-20432
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST | |
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
CWE ids for CVE-2018-20432
- The product contains hard-coded credentials, such as a password or cryptographic key. Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-20432
- https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10109
  D-Link Technical Support (Patch; Vendor Advisory)
- http://packetstormsecurity.com/files/159058/COVR-3902-1.01B0-Hardcoded-Credentials.html
  COVR 3902 1.01B0 Hardcoded Credentials ≈ Packet Storm (Exploit; Third Party Advisory; VDB Entry)
- https://cybersecurityworks.com/zerodays/cve-2018-20432-dlink.html
  CVE-2018-20432 - Hardcoded credentials in DLink CoVR-2600R Router (Exploit; Third Party Advisory)