Lucene search

K
nvd[email protected]NVD:CVE-2018-20432
HistorySep 14, 2020 - 2:15 p.m.

CVE-2018-20432

2020-09-1414:15:10
CWE-798
web.nvd.nist.gov
3
router
kit
hardcoded
telnet
credentials
privileged access
sensitive data
configuration

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.687

Percentile

98.0%

D-Link COVR-2600R and COVR-3902 Kit before 1.01b05Beta01 use hardcoded credentials for telnet connection, which allows unauthenticated attackers to gain privileged access to the router, and to extract sensitive data or modify the configuration.

Affected configurations

Nvd
Node
dlinkcovr-2600r_firmwareRange1.01b05
AND
dlinkcovr-2600rMatch-
Node
dlinkcovr-3902_firmwareRange1.01b05
AND
dlinkcovr-3902Match-
VendorProductVersionCPE
dlinkcovr-2600r_firmware*cpe:2.3:o:dlink:covr-2600r_firmware:*:*:*:*:*:*:*:*
dlinkcovr-2600r-cpe:2.3:h:dlink:covr-2600r:-:*:*:*:*:*:*:*
dlinkcovr-3902_firmware*cpe:2.3:o:dlink:covr-3902_firmware:*:*:*:*:*:*:*:*
dlinkcovr-3902-cpe:2.3:h:dlink:covr-3902:-:*:*:*:*:*:*:*

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.687

Percentile

98.0%

Related for NVD:CVE-2018-20432