CVE-2015-7246

CRITICAL

D-link Dvg-n5402sp Firmware - Hard-coded Credentials

Title source: rule

Description

D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 has a default password of root for the root account and tw for the tw account, which makes it easier for remote attackers to obtain administrative access.

Exploits (1)

exploitdb WRITEUP

by Karn Ganeshen · textwebappshardware

https://www.exploit-db.com/exploits/39409

View Code ZIP pw:eip

References (3)

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/135590/D-Link-DVG-N5402SP-Path-Traversal-Information-Disclosure.html

[Exploit, Third Party Advisory, VDB Entry] http://seclists.org/fulldisclosure/2016/Feb/24

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/39409/

Scores

CVSS v3 9.8

EPSS 0.3310

EPSS Percentile 96.9%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-798

Status published

Products (3)

d-link/dvg-n5402sp_firmware w1000cn-00

d-link/dvg-n5402sp_firmware w1000cn-03

d-link/dvg-n5402sp_firmware w2000en-00

Published Apr 24, 2017

Tracked Since Feb 18, 2026