CVE-2018-17777
First published: Tue Dec 18 2018(Updated: )
An issue was discovered on D-Link DVA-5592 A1_WI_20180823 devices. If the PIN of the page "/ui/cbpc/login" is the default Parental Control PIN (0000), it is possible to bypass the login form by editing the path of the cookie "sid" generated by the page. The attacker will have access to the router control panel with administrator privileges.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dlink Dva-5592 Firmware | =a1_wi_20180823 | |
| Dlink Dva-5592 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2018-17777.
What is the severity of CVE-2018-17777?
The severity of CVE-2018-17777 is critical with a rating of 9.8.
Which devices are affected by CVE-2018-17777?
The D-Link DVA-5592 A1_WI_20180823 devices are affected by CVE-2018-17777.
How can the login form bypass be exploited in CVE-2018-17777?
By editing the path of the cookie "sid" generated from the page, an attacker can bypass the login form if the PIN is the default Parental Control PIN (0000).
Is there a fix available for CVE-2018-17777?
At the moment, there is no known fix available for CVE-2018-17777.
- collector/nvd-index
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/last-modified-date
- agent/author
- agent/weakness
- agent/tags
- agent/type
- agent/first-publish-date
- agent/event
- agent/description
- vendor/dlink
- canonical/dlink dva-5592 firmware
- version/dlink dva-5592 firmware/a1_wi_20180823
- canonical/dlink dva-5592