PT-2020-3947 · D-Link · D-Link Covr-3902 Kit +1

Arjun Basnet · Published 2020-09-04 · Updated 2022-11-16 · CVE-2018-20432

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: D-Link COVR-2600R and COVR-3902 Kit versions prior to 1.01b05Beta01
Description: The issue is related to the use of hardcoded credentials for telnet connections, allowing unauthenticated attackers to gain privileged access to the router. This access can be used to extract sensitive data or modify the configuration. The exploitation of this issue can allow a remote attacker to elevate their privileges.
Recommendations: For D-Link COVR-2600R and COVR-3902 Kit versions prior to 1.01b05Beta01, update to version 1.01b05Beta01 or later to resolve the issue. As a temporary workaround, consider disabling telnet connections until a patch is available. Restrict access to the router's configuration to minimize the risk of exploitation. Avoid using the hardcoded credentials in the affected telnet connection until the issue is resolved.

Exploit

Fix

Weakness Enumeration: Using Hardcoded Credentials

Related Identifiers

BDU:2020-04340
CVE-2018-20432

Affected Products

D-Link Covr-2600R
D-Link Covr-3902 Kit