Remote Access Vulnerability in D-Link DIR-620 Devices by D-Link
CVE-2018-6210

9.8CRITICAL

Key Information:

Vendor: D-Link
Status: Dir-620 Firmware
Vendor: CVE Published:; 19 June 2018

Summary

D-Link DIR-620 devices, specifically those running the Rostelekom variant of firmware version 1.0.37, have been identified to possess a security flaw due to the presence of hardcoded credentials. This vulnerability allows remote attackers to gain unauthorized access to the device through TELNET, potentially compromising the network and sensitive data. Users are urged to audit their device settings and implement additional security measures to safeguard against potential exploitation.

References

https://securelist.com/backdoors-in-d-links-backyard/85530/

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 19, 2018
Vulnerability Reserved
Jan 24, 2018