The vulnerability of D-Link Corp.’s DVG-N5402SP router software, related to the use of pre-installed user accounts, allows a hacker to gain administrator privileges.

The vulnerability of D-Link Corp.’s DVG-N5402SP router software is related to the use of pre-set user accounts. The “root” and “tw” passwords have been set for the “root” and “tw” user accounts, respectively. Exploiting this vulnerability could allow a remote attacker to gain administrator...

Default credentials

D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 has a default password of root for the root account and tw for the tw account, which makes it easier for remote attackers to obtain administrative access...

Design/Logic Flaw

D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 discloses usernames, passwords, keys, values, and web account hashes super and admin in plaintext when running a configuration backup, which allows remote attackers to obtain sensitive information...

CVE-2015-7245

Directory traversal vulnerability in D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 allows remote attackers to read sensitive information via a .. dot dot in the errorpage parameter...

CVE-2015-7246

D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 has a default password of root for the root account and tw for the tw account, which makes it easier for remote attackers to obtain administrative access...

Directory traversal

Directory traversal vulnerability in D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 allows remote attackers to read sensitive information via a .. dot dot in the errorpage parameter...

CVE-2015-7245

CVE-2015-7245 affects D-Link DVG-N5402SP devices running firmware W1000CN-00, W1000CN-03, or W2000EN-00. The issue is a directory traversal in the errorpage parameter that allows a remote attacker to read sensitive files on the device. Technical details from connected sources confirm the vulnerab...

CVE-2015-7246

CVE-2015-7246 affects D-Link DVG-N5402SP web management firmware W1000CN-00, W1000CN-03, and W2000EN-00. The issue is the presence of default credentials: root for the root account and tw for the tw account, enabling remote attackers to obtain administrative access via the device’s web interface....

CVE-2015-7247

CVE-2015-7247 affects D-Link DVG-N5402SP web management firmware versions W1000CN-00, W1000CN-03, and W2000EN-00. A configuration backup exposes plaintext sensitive data (usernames, passwords, keys, values, and web account hashes for super/admin), enabling remote attackers to obtain credentials o...

CVE-2015-7245

Directory traversal vulnerability in D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 allows remote attackers to read sensitive information via a .. dot dot in the errorpage parameter...

D-Link DVG-N5402SP Cross Site Scripting

DLink Multiple Cross Site Scripting Vulnerabilities Vendor : www.dlink.com Product Model: DVG­N5402SP Published: 02/22/2016 Discovered by vesp3r [email protected] Advisory Timeline ----------------- 02/05/2016 - Vendor notified No response Vulnerability ------------- Reflected Cross Site...

D-Link DVG-N5402SP Directory Traversal Vulnerability

The D-Link DVG-N5402SP is a wireless router product from AUO D-Link for voice, fax and shared wireless Internet over IP networks. A directory traversal vulnerability exists in the D-Link DVG-N5402SP. An attacker can exploit this vulnerability to read arbitrary files...

D-Link DVG-N5402SP Information Disclosure Vulnerability

The D-Link DVG-N5402SP is a wireless router product from AUO D-Link for voice, fax and shared wireless Internet over IP networks. A security vulnerability exists in the D-Link DVG-N5402SP that originates from the program storing data in clear text. An attacker could exploit the vulnerability to...

D-Link DVG-N5402SP Path Traversal / Information Disclosure

DLink DVG­N5402SP File Path Traversal, Weak Credentials Management, and Sensitive Info Leakage Vulnerabilities Timelines Reported to CERT + Vendor: August 2015 Dlink released beta release: Oct 23, 2015 New fix release: MD5 GRNV6.1U23J-83-DL-R1B114-SGNormal.EN.img = 04fd8b901e9f297a4cdbea803a9a43c...

PT-2015-3329 · D Link · D-Link Dvg-N5402Sp

Name of the Vulnerable Software and Affected Versions: D-Link DVG-N5402SP with firmware W1000CN-00 D-Link DVG-N5402SP with firmware W1000CN-03 D-Link DVG-N5402SP with firmware W2000EN-00 Description: The issue is related to the use of default passwords for the root and tw accounts in the D-Link...