CVE-2018-6213
 
Severity Score
9.8
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
In the web server on D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, there is a hardcoded password of anonymous for the admin account.
En el servidor web de los dispositivos D-Link DIR-620 con una determinada variante personalizada (por proveedor de Internet) del firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0 y 2.0.22, hay una contraseƱa embebida "anonymous" para la cuenta de administrador.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2018-01-24 CVE Reserved
- 2018-06-20 CVE Published
- 2023-11-11 EPSS Updated
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-798: Use of Hard-coded Credentials
CAPEC
References (4)
URL | Tag | Source |
---|---|---|
http://www.securitynewspaper.com/2018/05/25/d-link-dir-620-routers-critical-vulnerabilities | Third Party Advisory | |
https://securityaffairs.co/wordpress/72839/hacking/d-link-dir-620-flaws.html | Third Party Advisory | |
https://www.bleepingcomputer.com/news/security/backdoor-account-found-in-d-link-dir-620-routers | Third Party Advisory |
URL | Date | SRC |
---|---|---|
https://securelist.com/backdoors-in-d-links-backyard/85530 | 2024-08-05 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
D-link Search vendor "D-link" | Dir-620 Firmware Search vendor "D-link" for product "Dir-620 Firmware" | 1.0.3 Search vendor "D-link" for product "Dir-620 Firmware" and version "1.0.3" | - |
Affected
| in | Dlink Search vendor "Dlink" | Dir-620 Search vendor "Dlink" for product "Dir-620" | - | - |
Safe
|
D-link Search vendor "D-link" | Dir-620 Firmware Search vendor "D-link" for product "Dir-620 Firmware" | 1.0.37 Search vendor "D-link" for product "Dir-620 Firmware" and version "1.0.37" | - |
Affected
| in | Dlink Search vendor "Dlink" | Dir-620 Search vendor "Dlink" for product "Dir-620" | - | - |
Safe
|
D-link Search vendor "D-link" | Dir-620 Firmware Search vendor "D-link" for product "Dir-620 Firmware" | 1.3.1 Search vendor "D-link" for product "Dir-620 Firmware" and version "1.3.1" | - |
Affected
| in | Dlink Search vendor "Dlink" | Dir-620 Search vendor "Dlink" for product "Dir-620" | - | - |
Safe
|
D-link Search vendor "D-link" | Dir-620 Firmware Search vendor "D-link" for product "Dir-620 Firmware" | 1.3.3 Search vendor "D-link" for product "Dir-620 Firmware" and version "1.3.3" | - |
Affected
| in | Dlink Search vendor "Dlink" | Dir-620 Search vendor "Dlink" for product "Dir-620" | - | - |
Safe
|
D-link Search vendor "D-link" | Dir-620 Firmware Search vendor "D-link" for product "Dir-620 Firmware" | 1.3.7 Search vendor "D-link" for product "Dir-620 Firmware" and version "1.3.7" | - |
Affected
| in | Dlink Search vendor "Dlink" | Dir-620 Search vendor "Dlink" for product "Dir-620" | - | - |
Safe
|
D-link Search vendor "D-link" | Dir-620 Firmware Search vendor "D-link" for product "Dir-620 Firmware" | 1.4.0 Search vendor "D-link" for product "Dir-620 Firmware" and version "1.4.0" | - |
Affected
| in | Dlink Search vendor "Dlink" | Dir-620 Search vendor "Dlink" for product "Dir-620" | - | - |
Safe
|
D-link Search vendor "D-link" | Dir-620 Firmware Search vendor "D-link" for product "Dir-620 Firmware" | 2.0.22 Search vendor "D-link" for product "Dir-620 Firmware" and version "2.0.22" | - |
Affected
| in | Dlink Search vendor "Dlink" | Dir-620 Search vendor "Dlink" for product "Dir-620" | - | - |
Safe
|