CVE-2018-6213
Severity CVSS v4.0:
Pending analysis
Type:
CWE-798
Use of Hard-coded Credentials
Publication date:
20/06/2018
Last modified:
26/04/2023
Description
In the web server on D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, there is a hardcoded password of anonymous for the admin account.
Impact
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Base Score 2.0
10.00
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:d-link:dir-620_firmware:1.0.3:*:*:*:*:*:*:* | ||
| cpe:2.3:o:d-link:dir-620_firmware:1.0.37:*:*:*:*:*:*:* | ||
| cpe:2.3:o:d-link:dir-620_firmware:1.3.1:*:*:*:*:*:*:* | ||
| cpe:2.3:o:d-link:dir-620_firmware:1.3.3:*:*:*:*:*:*:* | ||
| cpe:2.3:o:d-link:dir-620_firmware:1.3.7:*:*:*:*:*:*:* | ||
| cpe:2.3:o:d-link:dir-620_firmware:1.4.0:*:*:*:*:*:*:* | ||
| cpe:2.3:o:d-link:dir-620_firmware:2.0.22:*:*:*:*:*:*:* | ||
| cpe:2.3:h:dlink:dir-620:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://www.securitynewspaper.com/2018/05/25/d-link-dir-620-routers-critical-vulnerabilities/
- https://securelist.com/backdoors-in-d-links-backyard/85530/
- https://securityaffairs.co/wordpress/72839/hacking/d-link-dir-620-flaws.html
- https://www.bleepingcomputer.com/news/security/backdoor-account-found-in-d-link-dir-620-routers/