PT-2018-2069 · D-Link · D-Link DVA-5592

Luigi Gubello · Published 2018-07-06 · Updated 2021-04-23 · CVE-2018-17777

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: D-Link DVA-5592 version A1 WI 20180823

Description: An issue was discovered related to the default Parental Control PIN. If the PIN of the page "/ui/cbpc/login" is the default (0000), it is possible to bypass the login form by editing the path of the cookie sid generated by the page. Because the weakness lies in the predefined PIN code, a remote attacker can exploit it to bypass authentication and gain access to the router's control panel with administrator privileges.

Recommendations: For D-Link DVA-5592 version A1 WI 20180823, change the default Parental Control PIN (0000) to a unique value to prevent exploitation. As a temporary workaround, restrict access to the "/ui/cbpc/login" page to minimize the risk of unauthorized access; as long as the default PIN is in place, the sid cookie issued by that page can be used to bypass the login form. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Improper Authentication

Improper Privilege Management

Related Identifiers

BDU:2019-00019
CVE-2018-17777

Affected Products

D-Link DVA-5592