The vulnerability of D-Link Corp.’s DVG-N5402SP router software, related to the use of pre-installed user accounts, allows a hacker to gain administrator privileges.

The vulnerability of D-Link Corp.’s DVG-N5402SP router software is related to the use of pre-set user accounts. The “root” and “tw” passwords have been set for the “root” and “tw” user accounts, respectively. Exploiting this vulnerability could allow a remote attacker to gain administrator...

Default credentials

D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 has a default password of root for the root account and tw for the tw account, which makes it easier for remote attackers to obtain administrative access...

CVE-2015-7246

D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 has a default password of root for the root account and tw for the tw account, which makes it easier for remote attackers to obtain administrative access...

Design/Logic Flaw

D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 discloses usernames, passwords, keys, values, and web account hashes super and admin in plaintext when running a configuration backup, which allows remote attackers to obtain sensitive information...

Directory traversal

Directory traversal vulnerability in D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 allows remote attackers to read sensitive information via a .. dot dot in the errorpage parameter...

CVE-2015-7245

Directory traversal vulnerability in D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 allows remote attackers to read sensitive information via a .. dot dot in the errorpage parameter...

CVE-2015-7245

Directory traversal vulnerability in D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 allows remote attackers to read sensitive information via a .. dot dot in the errorpage parameter...

CVE-2015-7246

CVE-2015-7246 affects D-Link DVG-N5402SP web management firmware W1000CN-00, W1000CN-03, and W2000EN-00. The issue is the presence of default credentials: root for the root account and tw for the tw account, enabling remote attackers to obtain administrative access via the device’s web interface....

CVE-2015-7247

CVE-2015-7247 affects D-Link DVG-N5402SP web management firmware versions W1000CN-00, W1000CN-03, and W2000EN-00. A configuration backup exposes plaintext sensitive data (usernames, passwords, keys, values, and web account hashes for super/admin), enabling remote attackers to obtain credentials o...

CVE-2015-7245

CVE-2015-7245 affects D-Link DVG-N5402SP devices running firmware W1000CN-00, W1000CN-03, or W2000EN-00. The issue is a directory traversal in the errorpage parameter that allows a remote attacker to read sensitive files on the device. Technical details from connected sources confirm the vulnerab...

D-Link DVG-N5402SP Cross Site Scripting

DLink Multiple Cross Site Scripting Vulnerabilities Vendor : www.dlink.com Product Model: DVG­N5402SP Published: 02/22/2016 Discovered by vesp3r [email protected] Advisory Timeline ----------------- 02/05/2016 - Vendor notified No response Vulnerability ------------- Reflected Cross Site...

D-Link DVG-N5402SP Directory Traversal Vulnerability

The D-Link DVG-N5402SP is a wireless router product from AUO D-Link for voice, fax and shared wireless Internet over IP networks. A directory traversal vulnerability exists in the D-Link DVG-N5402SP. An attacker can exploit this vulnerability to read arbitrary files...

D-Link DVG-N5402SP Information Disclosure Vulnerability

The D-Link DVG-N5402SP is a wireless router product from AUO D-Link for voice, fax and shared wireless Internet over IP networks. A security vulnerability exists in the D-Link DVG-N5402SP that originates from the program storing data in clear text. An attacker could exploit the vulnerability to...

D-Link DVG-N5402SP Path Traversal / Information Disclosure

DLink DVG­N5402SP File Path Traversal, Weak Credentials Management, and Sensitive Info Leakage Vulnerabilities Timelines Reported to CERT + Vendor: August 2015 Dlink released beta release: Oct 23, 2015 New fix release: MD5 GRNV6.1U23J-83-DL-R1B114-SGNormal.EN.img = 04fd8b901e9f297a4cdbea803a9a43c...

PT-2015-3329 · D Link · D-Link Dvg-N5402Sp

Name of the Vulnerable Software and Affected Versions: D-Link DVG-N5402SP with firmware W1000CN-00 D-Link DVG-N5402SP with firmware W1000CN-03 D-Link DVG-N5402SP with firmware W2000EN-00 Description: The issue is related to the use of default passwords for the root and tw accounts in the D-Link...