PT-2026-44226 · D Link · Dwr-X1820
Bartłomiej Włodarski
·
Published
2026-05-28
·
Updated
2026-05-28
·
CVE-2026-4377
CVSS v4.0
6.0
Medium
| Vector | AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
Dlink DWR-X1820 versions prior to 1.00B16CP
Description
The router uses a weak default password generated from the device IMEI number and does not mandate a password change upon setup. An attacker with knowledge of the generation algorithm and access to the device IMEI number can easily crack the default password.
Recommendations
Update to version 1.00B16CP.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Dwr-X1820