CVE-2019-18852 Information

Description

Certain D-Link devices have a hardcoded Alphanetworks user account with TELNET access because of /etc/config/image_sign or /etc/alpha_config/image_sign. This affects DIR-600 B1 V2.01 for WW DIR-890L A1 v1.03 DIR-615 J1 v100 (for DCN) DIR-645 A1 v1.03 DIR-815 A1 v1.01 DIR-823 A1 v1.01 and DIR-842 C1 v3.00.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

https://github.com/ChandlerChin/Dlink_vuls/blob/master/A20hard20coded20telnet20user20was20discovered20in20multiple20Dlink20routers.pdf

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

9.8