First published: Tue Jun 19 2018
D-Link DIR-620 devices, with a certain Rostelekom variant of firmware 1.0.37, have a hardcoded rostel account, which makes it easier for remote attackers to obtain access via a TELNET session.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
D-Link DIR-620S | =1.0.3 | |
D-Link DIR-620S | =1.0.37 | |
D-Link DIR-620S | =1.3.1 | |
D-Link DIR-620S | =1.3.3 | |
D-Link DIR-620S | =1.3.7 | |
D-Link DIR-620S | =1.4.0 | |
D-Link DIR-620S | =2.0.22 | |
D-Link DIR-620 Firmware | =1.0.37 | |
dlink DIR-620 firmware | | |
CVE-2018-6210 is considered a high-severity vulnerability due to the presence of a hardcoded account that allows unauthorized remote access.
To fix CVE-2018-6210, update the D-Link DIR-620 firmware to a version that does not include the hardcoded rostel account.
The D-Link DIR-620 devices running the Rostelekom variant of firmware version 1.0.37 are affected by CVE-2018-6210.
CVE-2018-6210 allows remote attackers to gain unauthorized access via a TELNET session due to the hardcoded account.
There have been reports suggesting that CVE-2018-6210 may be exploited by attackers to compromise vulnerable devices.