Authentication Bypass Vulnerability in D-Link DVA-5592 Router
CVE-2018-17777

9.8CRITICAL

Key Information:

Vendor: D-Link
Status: Dva-5592 Firmware
Vendor: CVE Published:; 18 December 2018

Summary

A security flaw has been identified in the D-Link DVA-5592 A1_WI_20180823 model, where the use of the default Parental Control PIN allows attackers to bypass the login form at the '/ui/cbpc/login' endpoint. By manipulating the 'sid' cookie path, an attacker can gain unauthorized access to the router's control panel, potentially leading to unauthorized configuration changes and system compromises.

References

https://www.gubello.me/blog/router-dlink-dva-5592-authent...

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 18, 2018
Vulnerability Reserved
Sep 28, 2018