Weak Default Password Vulnerability in Dlink DWR-X1820 Router
CVE-2026-4377

6MEDIUM

Key Information:

Vendor: D-link Corporation
Status: Dwr-x1820
Vendor: CVE Published:; 28 May 2026

🔔 Create D-link Corporation Vulnerability Alert

What is CVE-2026-4377?

The Dlink DWR-X1820 router is susceptible to security risks due to its use of weak default passwords generated from the device's IMEI number. This design flaw allows an attacker who knows how the default passwords are formulated to easily exploit the vulnerability, especially if they have access to the IMEI number. Users are not prompted to change this default password, which increases the device's susceptibility to unauthorized access. A fix was implemented in version 1.00B16CP to address this concern.

Affected Version(s)

DWR-X1820 1.00B14CP < 1.00B16CP

References

https://cert.pl/posts/2026/05/CVE-2026-4377

third-party-advisory

https://www.dlink.com/pl/pl/products/dwr-1820-cp#support

product

CVSS V4

Score:

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

High

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 28, 2026
Vulnerability Reserved
Mar 18, 2026

Credit

Bartłomiej Włodarski

CVE-2026-4377 Data

JSON