Hardcoded Credentials in D-Link DSR Series Routers
CVE-2013-7004

Currently unrated

Key Information:

Vendor: D-Link
Status: Dsr-500 Firmware; Dsr-500
Vendor: CVE Published:; 19 December 2013

Summary

Certain D-Link DSR series routers, including models DSR-150, DSR-150N, DSR-250, DSR-250N, DSR-500, DSR-500N, DSR-1000, and DSR-1000N, are affected by a security flaw that involves hardcoded credentials. The presence of the hardcoded account username 'gkJ9232xXyruTRmY' allows attackers to gain unauthorized access to these devices if they are aware of this username. This vulnerability highlights the importance of proper credential management in network devices to prevent unauthorized access and potential exploitation.

References

http://tsd.dlink.com.tw/temp/PMD/12879/DSR-500_500N_1000_...

x_refsource_MISC

http://www.exploit-db.com/exploits/30061

exploitx_refsource_EXPLOIT-DB

http://tsd.dlink.com.tw/temp/PMD/12960/DSR-150N_A2_Releas...

x_refsource_MISC

Timeline

Vulnerability published
Dec 19, 2013
Vulnerability Reserved
Dec 7, 2013