// For flags

CVE-2019-18852

 

Severity Score

9.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Certain D-Link devices have a hardcoded Alphanetworks user account with TELNET access because of /etc/config/image_sign or /etc/alpha_config/image_sign. This affects DIR-600 B1 V2.01 for WW, DIR-890L A1 v1.03, DIR-615 J1 v100 (for DCN), DIR-645 A1 v1.03, DIR-815 A1 v1.01, DIR-823 A1 v1.01, and DIR-842 C1 v3.00.

Determinados dispositivos D-Link, poseen una cuenta de usuario de Alphanetworks embebida con acceso de TELNET debido a etc/config/image_sign o /etc/alpha_config/image_sign. Esto afecta a DIR-600 B1 versión V2.01 para WW, DIR-890L A1 versión v1.03, DIR-615 J1 versión v100 (para DCN), DIR-645 A1 versión v1.03, DIR-815 A1 versión v1.01, DIR-823 A1 versión v1.01 y DIR-842 C1 versión v3.00.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2019-11-11 CVE Reserved
  • 2019-11-11 CVE Published
  • 2023-10-18 EPSS Updated
  • 2024-08-05 CVE Updated
  • 2024-08-05 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-319: Cleartext Transmission of Sensitive Information
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Dlink
Search vendor "Dlink"
Dir-600 B1 Firmware
Search vendor "Dlink" for product "Dir-600 B1 Firmware"
2.01
Search vendor "Dlink" for product "Dir-600 B1 Firmware" and version "2.01"
-
Affected
in Dlink
Search vendor "Dlink"
Dir-600 B1
Search vendor "Dlink" for product "Dir-600 B1"
--
Safe
Dlink
Search vendor "Dlink"
Dir-615 J1 Firmware
Search vendor "Dlink" for product "Dir-615 J1 Firmware"
100
Search vendor "Dlink" for product "Dir-615 J1 Firmware" and version "100"
-
Affected
in Dlink
Search vendor "Dlink"
Dir-615 J1
Search vendor "Dlink" for product "Dir-615 J1"
--
Safe
Dlink
Search vendor "Dlink"
Dir-645 A1 Firmware
Search vendor "Dlink" for product "Dir-645 A1 Firmware"
1.03
Search vendor "Dlink" for product "Dir-645 A1 Firmware" and version "1.03"
-
Affected
in Dlink
Search vendor "Dlink"
Dir-645 A1
Search vendor "Dlink" for product "Dir-645 A1"
--
Safe
Dlink
Search vendor "Dlink"
Dir-815 A1 Firmware
Search vendor "Dlink" for product "Dir-815 A1 Firmware"
1.01
Search vendor "Dlink" for product "Dir-815 A1 Firmware" and version "1.01"
-
Affected
in Dlink
Search vendor "Dlink"
Dir-815 A1
Search vendor "Dlink" for product "Dir-815 A1"
--
Safe
Dlink
Search vendor "Dlink"
Dir-823 A1 Firmware
Search vendor "Dlink" for product "Dir-823 A1 Firmware"
1.01
Search vendor "Dlink" for product "Dir-823 A1 Firmware" and version "1.01"
-
Affected
in Dlink
Search vendor "Dlink"
Dir-823 A1
Search vendor "Dlink" for product "Dir-823 A1"
--
Safe
Dlink
Search vendor "Dlink"
Dir-842 C1 Firmware
Search vendor "Dlink" for product "Dir-842 C1 Firmware"
3.00
Search vendor "Dlink" for product "Dir-842 C1 Firmware" and version "3.00"
-
Affected
in Dlink
Search vendor "Dlink"
Dir-842 C1
Search vendor "Dlink" for product "Dir-842 C1"
--
Safe
Dlink
Search vendor "Dlink"
Dir-890l A1 Firmware
Search vendor "Dlink" for product "Dir-890l A1 Firmware"
1.03
Search vendor "Dlink" for product "Dir-890l A1 Firmware" and version "1.03"
-
Affected
in Dlink
Search vendor "Dlink"
Dir-890l A1
Search vendor "Dlink" for product "Dir-890l A1"
--
Safe