Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2015-7246 — Hard-coded Credentials in D-link Dvg-n5402sp Firmware

CWE-798 — Hard-coded Credentials4 documents4 sources

Severity

9.8CRITICALNVD

EPSS

33.1%

top 3.10%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

D-link Dvg-n5402sp Firmware

Timeline

PublishedApr 24

Latest updateMay 17

Description

D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 has a default password of root for the root account and tw for the tw account, which makes it easier for remote attackers to obtain administrative access.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

▶NVDd-link/dvg-n5402sp_firmwarew1000cn-00, w1000cn-03, w2000en-00+2

🔴Vulnerability Details

GHSA

GHSA-793m-hgfj-gwq5: D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 has a default password of root for the root account and tw for the tw account,↗2022-05-17

▶

CVEList

CVE-2015-7246: D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 has a default password of root for the root account and tw for the tw account,↗2017-04-24

▶

💥Exploits & PoCs

Exploit-DB

D-Link DVGN5402SP - Multiple Vulnerabilities↗2016-02-04

▶