CVE-2019-18852

moderate-risk
Published 2019-11-11

Certain D-Link devices have a hardcoded Alphanetworks user account with TELNET access because of /etc/config/image_sign or /etc/alpha_config/image_sign. This affects DIR-600 B1 V2.01 for WW, DIR-890L A1 v1.03, DIR-615 J1 v100 (for DCN), DIR-645 A1 v1.03, DIR-815 A1 v1.01, DIR-823 A1 v1.01, and DIR-842 C1 v3.00.

Do I need to act?

-
0.50% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (7)

Dir-645 A1 Firmware
Dir-815 A1 Firmware
Dir-823 A1 Firmware
Dir-842 C1 Firmware
Dir-890L A1 Firmware

Affected Vendors

Dlink

References (2)

Exploit https://github.com/ChandlerChin/Dlink_vuls/blob/master/A%20hard%20coded%20telnet...
Exploit https://github.com/ChandlerChin/Dlink_vuls/blob/master/A%20hard%20coded%20telnet...
48
/ 100
moderate-risk
Severity 32/34 · Critical
Exploitability 2/34 · Minimal
Exposure 14/34 · Moderate