ID
VAR-202009-1214
CVE
CVE-2018-20432
TITLE
D-Link COVR-2600R and COVR-3902 Kit Vulnerability in Using Hard Coded Credentials
Trust: 0.8
sources:
JVNDB: JVNDB-2018-016499
DESCRIPTION
D-Link COVR-2600R and COVR-3902 Kit before 1.01b05Beta01 use hardcoded credentials for telnet connection, which allows unauthenticated attackers to gain privileged access to the router, and to extract sensitive data or modify the configuration. D-Link COVR-2600R and COVR-3902 Kit Is vulnerable to the use of hard-coded credentials.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state
Trust: 1.71
sources:
NVD: CVE-2018-20432 //
JVNDB: JVNDB-2018-016499 //
VULMON: CVE-2018-20432
AFFECTED PRODUCTS
| vendor: | dlink | model: | covr-2600r | scope: | lte | version: | 1.01b05 | Trust: 1.0 |
| vendor: | dlink | model: | covr-3902 | scope: | lte | version: | 1.01b05 | Trust: 1.0 |
| vendor: | d link | model: | covr-2600r | scope: | - | version: | - | Trust: 0.8 |
| vendor: | d link | model: | covr-3902 | scope: | - | version: | - | Trust: 0.8 |
sources:
JVNDB: JVNDB-2018-016499 //
NVD: CVE-2018-20432
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
sources:
VULMON: CVE-2018-20432 //
JVNDB: JVNDB-2018-016499 //
CNNVD: CNNVD-202009-867 //
NVD: CVE-2018-20432
PROBLEMTYPE DATA
| problemtype: | CWE-798 | Trust: 1.0 |
| problemtype: | Using hardcoded credentials (CWE-798) [NVD Evaluation ] | Trust: 0.8 |
sources:
JVNDB: JVNDB-2018-016499 //
NVD: CVE-2018-20432
THREAT TYPE
remote
Trust: 0.6
sources:
CNNVD: CNNVD-202009-867
TYPE
trust management problem
Trust: 0.6
sources:
CNNVD: CNNVD-202009-867
PATCH
| title: | Hard-Coded Credential Discovered in Router Firmware 1.01B05 and older | url: | https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10109 | Trust: 0.8 |
| title: | D-Link COVR-2600R Security vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=128559 | Trust: 0.6 |
sources:
JVNDB: JVNDB-2018-016499 //
CNNVD: CNNVD-202009-867
EXTERNAL IDS
| db: | NVD | id: | CVE-2018-20432 | Trust: 2.5 |
| db: | PACKETSTORM | id: | 159058 | Trust: 1.7 |
| db: | DLINK | id: | SAP10109 | Trust: 1.7 |
| db: | JVNDB | id: | JVNDB-2018-016499 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-202009-867 | Trust: 0.6 |
| db: | VULMON | id: | CVE-2018-20432 | Trust: 0.1 |
sources:
VULMON: CVE-2018-20432 //
JVNDB: JVNDB-2018-016499 //
CNNVD: CNNVD-202009-867 //
NVD: CVE-2018-20432
REFERENCES
| url: | http://packetstormsecurity.com/files/159058/covr-3902-1.01b0-hardcoded-credentials.html | Trust: 1.8 |
| url: | https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10109 | Trust: 1.7 |
| url: | https://cybersecurityworks.com/zerodays/cve-2018-20432-dlink.html | Trust: 1.7 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2018-20432 | Trust: 1.4 |
| url: | https://cwe.mitre.org/data/definitions/798.html | Trust: 0.1 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
sources:
VULMON: CVE-2018-20432 //
JVNDB: JVNDB-2018-016499 //
CNNVD: CNNVD-202009-867 //
NVD: CVE-2018-20432
SOURCES
| db: | VULMON | id: | CVE-2018-20432 |
| db: | JVNDB | id: | JVNDB-2018-016499 |
| db: | CNNVD | id: | CNNVD-202009-867 |
| db: | NVD | id: | CVE-2018-20432 |
LAST UPDATE DATE
2024-11-23T23:01:14.203000+00:00
SOURCES UPDATE DATE
| db: | VULMON | id: | CVE-2018-20432 | date: | 2020-10-29T00:00:00 |
| db: | JVNDB | id: | JVNDB-2018-016499 | date: | 2021-03-29T09:14:00 |
| db: | CNNVD | id: | CNNVD-202009-867 | date: | 2021-01-04T00:00:00 |
| db: | NVD | id: | CVE-2018-20432 | date: | 2024-11-21T04:01:28.247 |
SOURCES RELEASE DATE
| db: | VULMON | id: | CVE-2018-20432 | date: | 2020-09-14T00:00:00 |
| db: | JVNDB | id: | JVNDB-2018-016499 | date: | 2021-03-29T00:00:00 |
| db: | CNNVD | id: | CNNVD-202009-867 | date: | 2020-09-14T00:00:00 |
| db: | NVD | id: | CVE-2018-20432 | date: | 2020-09-14T14:15:10.540 |