First published: Mon Nov 11 2019
Certain D-Link devices have a hardcoded Alphanetworks user account with TELNET access because of /etc/config/image_sign or /etc/alpha_config/image_sign. This affects DIR-600 B1 V2.01 for WW, DIR-890L A1 v1.03, DIR-615 J1 v100 (for DCN), DIR-645 A1 v1.03, DIR-815 A1 v1.01, DIR-823 A1 v1.01, and DIR-842 C1 v3.00.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Dlink Dir-600 B1 Firmware | =2.01 | |
Dlink Dir-600 B1 | | |
Dlink Dir-615 J1 Firmware | =100 | |
Dlink Dir-615 J1 | | |
Dlink Dir-645 A1 Firmware | =1.03 | |
Dlink Dir-645 A1 | | |
Dlink Dir-815 A1 Firmware | =1.01 | |
Dlink Dir-815 A1 | | |
Dlink Dir-823 A1 Firmware | =1.01 | |
Dlink Dir-823 A1 | | |
Dlink Dir-842 C1 Firmware | =3.00 | |
Dlink Dir-842 C1 | | |
Dlink Dir-890l A1 Firmware | =1.03 | |
Dlink Dir-890l A1 | | |
CVE-2019-18852 is a vulnerability found in certain D-Link devices that allows unauthorized access via a hardcoded user account with TELNET access.
The D-Link devices affected by CVE-2019-18852 include DIR-600 B1 V2.01 for WW, DIR-890L A1 v1.03, DIR-615 J1 v100 (for DCN), DIR-645 A1 v1.03, DIR-815 A1 v1.01, DIR-823 A1 v1.01, and DIR-842 C1 v3.00.
CVE-2019-18852 has a severity rating of 9.8 out of 10, which indicates a critical vulnerability.
To fix CVE-2019-18852, it is recommended to update the firmware of the affected D-Link devices to a version that addresses this vulnerability.
You can find more information about CVE-2019-18852 at the following link: [GitHub - A hard coded telnet user was discovered in multiple Dlink routers](https://github.com/ChandlerChin/Dlink_vuls/blob/master/A%20hard%20coded%20telnet%20user%20was%20discovered%20in%20multiple%20Dlink%20routers.pdf)
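
A defender-side check for the condition described above, as an added example that is not from the advisory or from D-Link: it scans an unpacked firmware root filesystem for the two `image_sign` paths and for files that mention both `telnetd` and the `Alphanetworks` account. The function names, the 1 MiB size limit, and the assumption that the account name appears as plain text in a startup file are assumptions of this example.

```python
import os

# Paths named in the advisory, relative to the root of an unpacked firmware filesystem.
IMAGE_SIGN_PATHS = ("etc/config/image_sign", "etc/alpha_config/image_sign")
ACCOUNT = b"Alphanetworks"   # account name from the advisory
MAX_SCAN = 1 << 20           # assumption: startup scripts are far smaller than 1 MiB


def audit_rootfs(root):
    """Return findings for an extracted firmware root directory.

    'image_sign' lists which advisory paths exist; 'telnet_refs' lists files
    that mention both telnetd and the Alphanetworks account.
    """
    findings = {"image_sign": [], "telnet_refs": []}
    for rel in IMAGE_SIGN_PATHS:
        # lexists: count a symlink as present even if its target is outside the tree.
        if os.path.lexists(os.path.join(root, rel)):
            findings["image_sign"].append(rel)
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            # Skip symlinks: firmware trees often link to absolute paths on the host.
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            if os.path.getsize(path) > MAX_SCAN:
                continue
            try:
                with open(path, "rb") as fh:
                    data = fh.read()
            except OSError:
                continue
            if ACCOUNT in data and b"telnetd" in data:
                findings["telnet_refs"].append(os.path.relpath(path, root))
    findings["telnet_refs"].sort()
    return findings


def is_suspect(findings):
    """Flag the image when a sign file and a telnetd reference to the account coexist."""
    return bool(findings["image_sign"]) and bool(findings["telnet_refs"])


if __name__ == "__main__":
    import sys
    result = audit_rootfs(sys.argv[1])
    print(result, "SUSPECT" if is_suspect(result) else "no match")
```

Run it against the directory produced by your firmware extraction tool; a match means the image should be treated as affected until the vendor's fixed firmware is installed.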