CVSS: 10.0EPSS: 0%CPEs: 14EXPL: 1CVE-2019-18852
https://notcve.org/view.php?id=CVE-2019-18852
11 Nov 2019 — Certain D-Link devices have a hardcoded Alphanetworks user account with TELNET access because of /etc/config/image_sign or /etc/alpha_config/image_sign. This affects DIR-600 B1 V2.01 for WW, DIR-890L A1 v1.03, DIR-615 J1 v100 (for DCN), DIR-645 A1 v1.03, DIR-815 A1 v1.01, DIR-823 A1 v1.01, and DIR-842 C1 v3.00. Determinados dispositivos D-Link, poseen una cuenta de usuario de Alphanetworks embebida con acceso de TELNET debido a etc/config/image_sign o /etc/alpha_config/image_sign. Esto afecta a DIR-600 B1 v... • https://github.com/ChandlerChin/Dlink_vuls/blob/master/A%20hard%20coded%20telnet%20user%20was%20discovered%20in%20multiple%20Dlink%20routers.pdf • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 9.8EPSS: 78%CPEs: 2EXPL: 4CVE-2017-12943 – D-Link DIR-600 - Authentication Bypass
https://notcve.org/view.php?id=CVE-2017-12943
18 Aug 2017 — D-Link DIR-600 Rev Bx devices with v2.x firmware allow remote attackers to read passwords via a model/__show_info.php?REQUIRE_FILE= absolute path traversal attack, as demonstrated by discovering the admin password. Los dispositivos D-Link DIR-600 Rev Bx con firmware v2.x permiten a los atacantes remotos leer contraseñas mediante un ataque de tipo Absolute Path Traversal model/__show_info.php?REQUIRE_FILE= tal y como se puede ver al descubrir la contraseña de administrador. • https://www.exploit-db.com/exploits/42581 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •