CVE-2018-6213
Published 2018-06-20
Priority P262 · critical · 9.8 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploited in the wild (ITW)
EPSS: 3.36% (87.2th percentile)
In the web server on D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, there is a hardcoded password of anonymous for the admin account.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| d-link | dir-620_firmware | — | — |
| d-link | dir-620_firmware | — | — |
| d-link | dir-620_firmware | — | — |
| d-link | dir-620_firmware | — | — |
| d-link | dir-620_firmware | — | — |
| d-link | dir-620_firmware | — | — |
| d-link | dir-620_firmware | — | — |
Detection & IOCs (extracted from sources)
- Monitor for unauthenticated privileged access to the D-Link DIR-620 web dashboard, which can be used to extract sensitive data such as configuration files with plain-text passwords.
- The hardcoded 'anonymous' admin password is present only in a customized ISP variant of the D-Link DIR-620 firmware (not standard retail firmware); affected versions are 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22.
- The devices were not intended for retail and were delivered to customers through an ISP who requested customization; the hardcoded credentials contain the name of the ISP in the login string.
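CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |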
No detection rules found.
No public exploits indexed.
Securelist
Backdoors in D-Link’s backyard
blogs_securelist·2018-05-23
Table of Contents
- The impact of vulnerabilities
- The object of research
- Technical details
- How to fix it
- Advisory Status
Authors
- Denis Makrushin
## Multiple vulnerabilities in D-Link DIR-620 router
“If you want to change the world, start with yourself.” In the case of security research this can be rephrased to: “If you want to make the world safer, start with the smart things in your home.” Or, to be more specific, start with your router – the core of any home network as well as an interesting research object. And that router you got from your ISP as part of your internet contract is even more interesting when it comes to research.
## The impact of vulnerabilities
Note: the following information about vulnerabilities has been submitted to the respective stakeholders (D-Li
Securelist
Backdoors in D-Link’s backyard
blogs_securelist·2018-05-23·CVSS 9.8
CVE-2018-6212 [CRITICAL] Backdoors in D-Link’s backyard
Table of Contents
- The impact of vulnerabilities
- The object of research
- Technical details
  - Weakness in user data validation (reflected cross-site scripting) (CVE-2018-6212)
  - Hardcoded default credentials for web dashboard (CVE-2018-6213)
  - OS command injection (CVE-2018-6211)
  - Hardcoded default credentials for Telnet (CVE-2018-6210)
- How to fix it
- Advisory Status
Authors
- Denis Makrushin
- http://www.securitynewspaper.com/2018/05/25/d-link-dir-620-routers-critical-vulnerabilities/
- https://securelist.com/backdoors-in-d-links-backyard/85530/
- https://securityaffairs.co/wordpress/72839/hacking/d-link-dir-620-flaws.html
- https://www.bleepingcomputer.com/news/security/backdoor-account-found-in-d-link-dir-620-routers/