CVE-2018-6213

CRITICAL IN THE WILD

D-Link DIR-620 Firmware 1.0.3/1.0.37/1.3.1/1.3.3/1.3.7/1.4.0/2.0.22 - Use of Hard-coded Credentials

Title source: llm

Exploitation Summary

CVE-2018-6213 has been observed exploited in the wild (reported by InTheWild.io).

Description

In the web server on D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, there is a hardcoded password of anonymous for the admin account.

References (4)

Core 4

Core References

Third Party Advisory x_refsource_misc

https://securityaffairs.co/wordpress/72839/hacking/d-link-dir-620-flaws.html

Third Party Advisory x_refsource_misc

https://www.bleepingcomputer.com/news/security/backdoor-account-found-in-d-link-dir-620-routers/

Exploit, Third Party Advisory x_refsource_misc

https://securelist.com/backdoors-in-d-links-backyard/85530/

Third Party Advisory x_refsource_misc

http://www.securitynewspaper.com/2018/05/25/d-link-dir-620-routers-critical-vulnerabilities/

Scores

CVSS v3 9.8

EPSS 0.0336

EPSS Percentile 87.1%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

InTheWild.io 2018-05-26

CWE

CWE-798

Status published

Products (7)

d-link/dir-620_firmware 1.0.3

d-link/dir-620_firmware 1.0.37

d-link/dir-620_firmware 1.3.1

d-link/dir-620_firmware 1.3.3

d-link/dir-620_firmware 1.3.7

d-link/dir-620_firmware 1.4.0

d-link/dir-620_firmware 2.0.22

Published Jun 20, 2018

Tracked Since Feb 18, 2026