Description
Dlink DWR-X1820 router uses weak default password generated from its IMEI number and does not require users to change it. An attacker who knows how passwords are generated can easily crack the default password if they have the device IMEI number. This issue was fixed in version 1.00B16CP.
References (2)
Core 2
Core References
Third Party Advisory third-party-advisory
https://cert.pl/posts/2026/05/CVE-2026-4377
Product product
https://www.dlink.com/pl/pl/products/dwr-1820-cp#support
Scores
CVSS v4
6.0
EPSS
0.0014
EPSS Percentile
3.7%
CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-1391
Status
published
Products (1)
D-Link Corporation/DWR-X1820
1.00B14CP - 1.00B16CP
Published
May 28, 2026
Tracked Since
May 28, 2026