Remote Access Vulnerability in D-Link DVG-N5402SP Routers
CVE-2015-7246

9.8CRITICAL

Key Information:

Vendor
D-link
Status
Dvg-n5402sp Firmware
Vendor
CVE Published:
24 April 2017

Summary

The D-Link DVG-N5402SP router suffers from an authentication bypass vulnerability due to default passwords such as 'root' for the root account and 'tw' for the tw account. This flaw allows remote attackers to gain administrative access without proper authentication, compromising the security of the device and the network it protects. Users are advised to change default credentials immediately to mitigate the risk of unauthorized access.

References

http://packetstormsecurity.com/files/135590/D-Link-DVG-N5...
x_refsource_MISC
http://seclists.org/fulldisclosure/2016/Feb/24
mailing-listx_refsource_FULLDISC
https://www.exploit-db.com/exploits/39409/
exploitx_refsource_EXPLOIT-DB

EPSS Score

33% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.