critical
10
CWE
319
Advisory Published
Updated

CVE-2019-18852

First published: Mon Nov 11 2019(Updated: )

Certain D-Link devices have a hardcoded Alphanetworks user account with TELNET access because of /etc/config/image_sign or /etc/alpha_config/image_sign. This affects DIR-600 B1 V2.01 for WW, DIR-890L A1 v1.03, DIR-615 J1 v100 (for DCN), DIR-645 A1 v1.03, DIR-815 A1 v1.01, DIR-823 A1 v1.01, and DIR-842 C1 v3.00.

Credit: cve@mitre.org

Affected SoftwareAffected VersionHow to fix
Dlink Dir-600 B1 Firmware=2.01
Dlink Dir-600 B1
Dlink Dir-615 J1 Firmware=100
Dlink Dir-615 J1
Dlink Dir-645 A1 Firmware=1.03
Dlink Dir-645 A1
Dlink Dir-815 A1 Firmware=1.01
Dlink Dir-815 A1
Dlink Dir-823 A1 Firmware=1.01
Dlink Dir-823 A1
Dlink Dir-842 C1 Firmware=3.00
Dlink Dir-842 C1
Dlink Dir-890l A1 Firmware=1.03
Dlink Dir-890l A1

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is CVE-2019-18852?

    CVE-2019-18852 is a vulnerability found in certain D-Link devices that allows unauthorized access via a hardcoded user account with TELNET access.

  • What devices are affected by CVE-2019-18852?

    The D-Link devices affected by CVE-2019-18852 include DIR-600 B1 V2.01 for WW, DIR-890L A1 v1.03, DIR-615 J1 v100 (for DCN), DIR-645 A1 v1.03, DIR-815 A1 v1.01, DIR-823 A1 v1.01, and DIR-842 C1 v3.00.

  • How severe is CVE-2019-18852?

    CVE-2019-18852 has a severity rating of 9.8 out of 10, which indicates a critical vulnerability.

  • How can I fix CVE-2019-18852?

    To fix CVE-2019-18852, it is recommended to update the firmware of the affected D-Link devices to a version that addresses this vulnerability.

  • Where can I find more information about CVE-2019-18852?

    You can find more information about CVE-2019-18852 at the following link: [GitHub - A hard coded telnet user was discovered in multiple Dlink routers](https://github.com/ChandlerChin/Dlink_vuls/blob/master/A%20hard%20coded%20telnet%20user%20was%20discovered%20in%20multiple%20Dlink%20routers.pdf)

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203