A vulnerability was found in D-Link COVR 3902 REVA 1.01B0. It has been classified as critical. Affected is some unknown functionality of the component Telnet. The manipulation with the input value Alphanetworks/wrgac61_dlink.2015_dir883 leads to a hard-coded credentials vulnerability. CWE is classifying the issue as CWE-798. The product contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. This is going to have an impact on confidentiality, integrity, and availability. CVE summarizes:

D-Link COVR-2600R and COVR-3902 Kit before 1.01b05Beta01 use hardcoded credentials for telnet connection, which allows unauthenticated attackers to gain privileged access to the router, and to extract sensitive data or modify the configuration.

The weakness was shared 09/02/2020 as not defined mailinglist post (Full-Disclosure). The advisory is shared for download at seclists.org. This vulnerability is traded as CVE-2018-20432. It is possible to launch the attack remotely. The exploitation doesn't require any form of authentication. Technical details and a public exploit are known. The MITRE ATT&CK project declares the attack technique as T1110.001.

After immediately, there has been an exploit disclosed. The exploit is shared for download at seclists.org. It is declared as proof-of-concept. As 0-day the estimated underground price was around $5k-$25k.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Productinfo

Vendor

• D-Link

Name

• COVR 3902 REVA

Version

• 1.01B0

License

• commercial

CPE 2.3info

• 🔍

CPE 2.2info

• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion