fkie_nvd - fkie_cve-2019-18852

fkie_cve-2019-18852

Vulnerability from fkie_nvd

Published

2019-11-11 14:15

Modified

2024-11-21 04:33

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

Certain D-Link devices have a hardcoded Alphanetworks user account with TELNET access because of /etc/config/image_sign or /etc/alpha_config/image_sign. This affects DIR-600 B1 V2.01 for WW, DIR-890L A1 v1.03, DIR-615 J1 v100 (for DCN), DIR-645 A1 v1.03, DIR-815 A1 v1.01, DIR-823 A1 v1.01, and DIR-842 C1 v3.00.

References

▶	URL	Tags
	cve@mitre.org	https://github.com/ChandlerChin/Dlink_vuls/blob/master/A%20hard%20coded%20telnet%20user%20was%20discovered%20in%20multiple%20Dlink%20routers.pdf	Exploit, Third Party Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://github.com/ChandlerChin/Dlink_vuls/blob/master/A%20hard%20coded%20telnet%20user%20was%20discovered%20in%20multiple%20Dlink%20routers.pdf	Exploit, Third Party Advisory

Impacted products

Vendor	Product	Version
dlink	dir-600_b1_firmware	2.01
dlink	dir-600_b1	-
dlink	dir-615_j1_firmware	100
dlink	dir-615_j1	-
dlink	dir-645_a1_firmware	1.03
dlink	dir-645_a1	-
dlink	dir-815_a1_firmware	1.01
dlink	dir-815_a1	-
dlink	dir-823_a1_firmware	1.01
dlink	dir-823_a1	-
dlink	dir-842_c1_firmware	3.00
dlink	dir-842_c1	-
dlink	dir-890l_a1_firmware	1.03
dlink	dir-890l_a1	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dir-600_b1_firmware:2.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5822C40-63B4-4C38-BB44-30C890B7D3CB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dir-600_b1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D01EA1FD-0D5E-466E-8866-119E58379185",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dir-615_j1_firmware:100:*:*:*:*:*:*:*",
              "matchCriteriaId": "91B9B0C2-0823-4C78-BDA7-66E618ACA1C1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dir-615_j1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A573F4F5-3783-40A1-BD4A-02D08EDC660F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dir-645_a1_firmware:1.03:*:*:*:*:*:*:*",
              "matchCriteriaId": "8309559B-540F-42AC-AD7A-CF0D26E711F1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dir-645_a1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4637D9F-F585-4E78-805B-C6FD2A1F8569",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dir-815_a1_firmware:1.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F38E5FB-3BF9-421B-B8B3-E766160FEE9D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dir-815_a1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "13F27579-BF50-4B02-A8E6-CB87CA9BD9B4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dir-823_a1_firmware:1.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "761B7A67-0762-4A9A-89D1-85A7CF60B952",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dir-823_a1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD2A9CE7-96F0-43B5-9C2C-28D3B7F6AA8F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dir-842_c1_firmware:3.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE29AFFE-21B1-4BF2-9F31-46229F874F5F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dir-842_c1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D6B838C-46CA-4334-97AD-8E96CADCC7E3",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dlink:dir-890l_a1_firmware:1.03:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F3DDDE6-8254-4E73-8042-2EE1DEB374F1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dlink:dir-890l_a1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE05B21E-C419-4443-A638-329EAC03CDF9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Certain D-Link devices have a hardcoded Alphanetworks user account with TELNET access because of /etc/config/image_sign or /etc/alpha_config/image_sign. This affects DIR-600 B1 V2.01 for WW, DIR-890L A1 v1.03, DIR-615 J1 v100 (for DCN), DIR-645 A1 v1.03, DIR-815 A1 v1.01, DIR-823 A1 v1.01, and DIR-842 C1 v3.00."
    },
    {
      "lang": "es",
      "value": "Determinados dispositivos D-Link, poseen una cuenta de usuario de Alphanetworks embebida con acceso de TELNET debido a etc/config/image_sign o /etc/alpha_config/image_sign. Esto afecta a DIR-600 B1 versi\u00f3n V2.01 para WW, DIR-890L A1 versi\u00f3n v1.03, DIR-615 J1 versi\u00f3n v100 (para DCN), DIR-645 A1 versi\u00f3n v1.03, DIR-815 A1 versi\u00f3n v1.01, DIR-823 A1 versi\u00f3n v1.01 y DIR-842 C1 versi\u00f3n v3.00."
    }
  ],
  "id": "CVE-2019-18852",
  "lastModified": "2024-11-21T04:33:42.843",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-11-11T14:15:10.697",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/ChandlerChin/Dlink_vuls/blob/master/A%20hard%20coded%20telnet%20user%20was%20discovered%20in%20multiple%20Dlink%20routers.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/ChandlerChin/Dlink_vuls/blob/master/A%20hard%20coded%20telnet%20user%20was%20discovered%20in%20multiple%20Dlink%20routers.pdf"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-319"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2019-18852 (GCVE-0-2019-18852)

Vulnerability from cvelistv5

Published

2019-11-11 13:42

Modified

2024-08-05 02:02

Severity ?

CWE

Summary

References

►

URL

Tags

https://github.com/ChandlerChin/Dlink_vuls/blob/master/A%20hard%20coded%20telnet%20user%20was%20discovered%20in%20multiple%20Dlink%20routers.pdf

x_refsource_MISC