CVE-2019-18852

Published Nov 11, 2019

Last updated 4 years ago

CVSS critical 9.8

Overview

Description: Certain D-Link devices have a hardcoded Alphanetworks user account with TELNET access because of /etc/config/image_sign or /etc/alpha_config/image_sign. This affects DIR-600 B1 V2.01 for WW, DIR-890L A1 v1.03, DIR-615 J1 v100 (for DCN), DIR-645 A1 v1.03, DIR-815 A1 v1.01, DIR-823 A1 v1.01, and DIR-842 C1 v3.00.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

CVSS 2.0

Type: Primary
Base score: 10
Impact score: 10
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-319

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dlink:dir-600_b1_firmware:2.01:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D5822C40-63B4-4C38-BB44-30C890B7D3CB"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dlink:dir-600_b1:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D01EA1FD-0D5E-466E-8866-119E58379185"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dlink:dir-615_j1_firmware:100:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "91B9B0C2-0823-4C78-BDA7-66E618ACA1C1"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dlink:dir-615_j1:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A573F4F5-3783-40A1-BD4A-02D08EDC660F"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dlink:dir-645_a1_firmware:1.03:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8309559B-540F-42AC-AD7A-CF0D26E711F1"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dlink:dir-645_a1:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "C4637D9F-F585-4E78-805B-C6FD2A1F8569"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dlink:dir-815_a1_firmware:1.01:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1F38E5FB-3BF9-421B-B8B3-E766160FEE9D"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dlink:dir-815_a1:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "13F27579-BF50-4B02-A8E6-CB87CA9BD9B4"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dlink:dir-823_a1_firmware:1.01:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "761B7A67-0762-4A9A-89D1-85A7CF60B952"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dlink:dir-823_a1:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "AD2A9CE7-96F0-43B5-9C2C-28D3B7F6AA8F"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dlink:dir-842_c1_firmware:3.00:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AE29AFFE-21B1-4BF2-9F31-46229F874F5F"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dlink:dir-842_c1:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "0D6B838C-46CA-4334-97AD-8E96CADCC7E3"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dlink:dir-890l_a1_firmware:1.03:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9F3DDDE6-8254-4E73-8042-2EE1DEB374F1"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dlink:dir-890l_a1:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "CE05B21E-C419-4443-A638-329EAC03CDF9"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References