CVE-2018-6210
CRITICAL
IN THE WILD
D-Link DIR-620 Firmware 1.0.37 - Use of Hard-coded Credentials via TELNET
Title source: llm
Exploitation Summary
CVE-2018-6210 has been observed exploited in the wild (reported by InTheWild.io).
Description
D-Link DIR-620 devices, with a certain Rostelekom variant of firmware 1.0.37, have a hardcoded rostel account, which makes it easier for remote attackers to obtain access via a TELNET session.
References (1)
Core 1
Core References
Third Party Advisory x_refsource_misc
https://securelist.com/backdoors-in-d-links-backyard/85530/
Scores
CVSS v3
9.8
EPSS
0.0132
EPSS Percentile
80.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
InTheWild.io
2018-05-26
CWE
CWE-798
Status
published
Products (1)
dlink/dir-620_firmware
1.0.37
Published
Jun 19, 2018
Tracked Since
Feb 18, 2026