CVE-2018-18007 — Hard-coded Credentials in Dlink Dsl-2770l Firmware

CWE-798 — Hard-coded Credentials3 documents3 sources
Severity
9.8CRITICALNVD
EPSS
3.0%
top 13.34%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Dlink Dsl-2770l Firmware
Timeline
PublishedDec 21
Latest updateMay 13

Description

atbox.htm on D-Link DSL-2770L devices allows remote unauthenticated attackers to discover admin credentials.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

â–¶NVDdlink/dsl-2770l_firmwareme_1.01, me_1.02, me_1.06+2

🔴Vulnerability Details

2
GHSA
GHSA-7hr6-6xp5-7xf9: atbox↗2022-05-13
â–¶
CVEList
CVE-2018-18007: atbox↗2018-12-21
â–¶
CVE-2018-18007 — Hard-coded Credentials in Dlink | cvebase