CVE-2018-20432
CRITICAL
D-Link COVR-2600R and COVR-3902 Firmware < 1.01b05 - Unauthenticated Hardcoded Credentials
D-Link COVR-2600R and COVR-3902 Kit before 1.01b05Beta01 use hardcoded credentials for telnet connection, which allows unauthenticated attackers to gain privileged access to the router, and to extract sensitive data or modify the configuration.
References (3)
Core References
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/159058/COVR-3902-1.01B0-Hardcoded-Credentials.html
Patch, Vendor Advisory x_refsource_misc
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10109
Exploit, Third Party Advisory x_refsource_misc
https://cybersecurityworks.com/zerodays/cve-2018-20432-dlink.html
Scores
CVSS v3
9.8
EPSS
0.2032
EPSS Percentile
95.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-798
Status
published
Products (2)
dlink/covr-2600r_firmware
< 1.01b05
dlink/covr-3902_firmware
< 1.01b05
Published
Sep 14, 2020
Tracked Since
Feb 18, 2026