PT-2018-17414 · D Link · Dir-620

Denis Makrushin

Published

2018-06-19

Updated

2021-04-23

CVE-2018-6210

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions D-Link DIR-620 version 1.0.37

Description The issue allows remote attackers to obtain access via a TELNET session, due to a hardcoded rostel account in a certain Rostelekom variant of the firmware.

Recommendations For version 1.0.37, consider disabling the TELNET service until a patch is available to prevent remote attackers from obtaining access.

Fix

Using Hardcoded Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-798

Related Identifiers

CVE-2018-6210

Affected Products

Dir-620

PT-2018-17414 · D Link · Dir-620

CVE-2018-6210

Weakness Enumeration

Related Identifiers

Affected Products

References · 3