CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
SSVC
Exploitation
none
Automatable
yes
Technical Impact
total
Certain models of D-Link wireless routers contain an undisclosed factory testing backdoor. Unauthenticated attackers on the local area network can force the device to enable Telnet service by accessing a specific URL and can log in by using the administrator credentials obtained from analyzing the firmware.
[
{
"vendor": "D-Link",
"product": "G403",
"versions": [
{
"status": "affected",
"version": "earlier",
"lessThan": "1.10.01",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "D-Link",
"product": "G415",
"versions": [
{
"status": "affected",
"version": "earlier",
"lessThan": "1.10.01",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "D-Link",
"product": "G416",
"versions": [
{
"status": "affected",
"version": "earlier",
"lessThan": "1.10.01",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "D-Link",
"product": "M18",
"versions": [
{
"status": "affected",
"version": "earlier",
"lessThan": "1.10.01",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "D-Link",
"product": "R03",
"versions": [
{
"status": "affected",
"version": "earlier",
"lessThan": "1.10.01",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "D-Link",
"product": "R04",
"versions": [
{
"status": "affected",
"version": "earlier",
"lessThan": "1.10.01",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "D-Link",
"product": "R12",
"versions": [
{
"status": "affected",
"version": "earlier",
"lessThan": "1.10.01",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "D-Link",
"product": "R18",
"versions": [
{
"status": "affected",
"version": "earlier",
"lessThan": "1.10.01",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "D-Link",
"product": "E30",
"versions": [
{
"status": "affected",
"version": "earlier",
"lessThan": "1.10.02",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "D-Link",
"product": "M30",
"versions": [
{
"status": "affected",
"version": "earlier",
"lessThan": "1.10.02",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "D-Link",
"product": "M32",
"versions": [
{
"status": "affected",
"version": "earlier",
"lessThan": "1.10.02",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "D-Link",
"product": "M60",
"versions": [
{
"status": "affected",
"version": "earlier",
"lessThan": "1.10.02",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "D-Link",
"product": "R32",
"versions": [
{
"status": "affected",
"version": "earlier",
"lessThan": "1.10.02",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "D-Link",
"product": "E15",
"versions": [
{
"status": "affected",
"version": "earlier",
"lessThan": "1.20.01",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "D-Link",
"product": "R15",
"versions": [
{
"status": "affected",
"version": "earlier",
"lessThan": "1.20.01",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
]
[
{
"cpes": [
"cpe:2.3:o:dlink:r12_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:dlink:r18_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:dlink:r04_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:dlink:r03_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:dlink:m18_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:dlink:g416_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:dlink:g415_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:dlink:g403_firmware:*:*:*:*:*:*:*:*"
],
"vendor": "dlink",
"product": "g403_firmware",
"versions": [
{
"status": "affected",
"version": "0",
"lessThan": "1.10.01",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
},
{
"cpes": [
"cpe:2.3:o:dlink:r32_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:dlink:m60_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:dlink:m32_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:dlink:m30_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:dlink:e30_firmware:*:*:*:*:*:*:*:*"
],
"vendor": "dlink",
"product": "e30_firmware",
"versions": [
{
"status": "affected",
"version": "0",
"lessThan": "1.10.02",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
},
{
"cpes": [
"cpe:2.3:o:dlink:r15_firmware:*:*:*:*:*:*:*:*",
"cpe:2.3:o:dlink:e15_firmware:*:*:*:*:*:*:*:*"
],
"vendor": "dlink",
"product": "e15_firmware",
"versions": [
{
"status": "affected",
"version": "0",
"lessThan": "1.20.01",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
]
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
SSVC
Exploitation
none
Automatable
yes
Technical Impact
total