Current Description
Certain D-Link devices have a hardcoded Alphanetworks user account with TELNET access because of /etc/config/image_sign or /etc/alpha_config/image_sign. This affects DIR-600 B1 V2.01 for WW, DIR-890L A1 v1.03, DIR-615 J1 v100 (for DCN), DIR-645 A1 v1.03, DIR-815 A1 v1.01, DIR-823 A1 v1.01, and DIR-842 C1 v3.00.
Source:
MITRE
View Analysis Description
Analysis Description
Certain D-Link devices have a hardcoded Alphanetworks user account with TELNET access because of /etc/config/image_sign or /etc/alpha_config/image_sign. This affects DIR-600 B1 V2.01 for WW, DIR-890L A1 v1.03, DIR-615 J1 v100 (for DCN), DIR-645 A1 v1.03, DIR-815 A1 v1.01, DIR-823 A1 v1.01, and DIR-842 C1 v3.00.
Source:
MITRE
Severity
CVSS 3.x Severity and Metrics:
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.0 Severity and Metrics:
Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
References to Advisories, Solutions, and Tools
By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because
they may have information that would be of interest to you. No inferences should be drawn on account of other sites
being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose.
NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further,
NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about
this page to nvd@nist.gov.
Weakness Enumeration
| CWE-ID |
CWE Name |
Source |
| CWE-798 |
Use of Hard-coded Credentials |
NIST
|
Known Affected Software Configurations
Switch to CPE 2.2
Configuration 1 (
hide )
Configuration 2 (
hide )
Configuration 3 (
hide )
Configuration 4 (
hide )
Configuration 5 (
hide )
Configuration 6 (
hide )
Configuration 7 (
hide )
Change History
1 change record found
- show changes
Initial Analysis -
11/14/2019 10:33:44 AM
| Action |
Type |
Old Value |
New Value |
| Added |
CPE Configuration |
|
AND
OR
*cpe:2.3:o:dlink:dir-600_b1_firmware:2.01:*:*:*:*:*:*:*
OR
cpe:2.3:h:dlink:dir-600_b1:-:*:*:*:*:*:*:* |
| Added |
CPE Configuration |
|
AND
OR
*cpe:2.3:o:dlink:dir-615_j1_firmware:100:*:*:*:*:*:*:*
OR
cpe:2.3:h:dlink:dir-615_j1:-:*:*:*:*:*:*:* |
| Added |
CPE Configuration |
|
AND
OR
*cpe:2.3:o:dlink:dir-645_a1_firmware:1.03:*:*:*:*:*:*:*
OR
cpe:2.3:h:dlink:dir-645_a1:-:*:*:*:*:*:*:* |
| Added |
CPE Configuration |
|
AND
OR
*cpe:2.3:o:dlink:dir-815_a1_firmware:1.01:*:*:*:*:*:*:*
OR
cpe:2.3:h:dlink:dir-815_a1:-:*:*:*:*:*:*:* |
| Added |
CPE Configuration |
|
AND
OR
*cpe:2.3:o:dlink:dir-823_a1_firmware:1.01:*:*:*:*:*:*:*
OR
cpe:2.3:h:dlink:dir-823_a1:-:*:*:*:*:*:*:* |
| Added |
CPE Configuration |
|
AND
OR
*cpe:2.3:o:dlink:dir-842_c1_firmware:3.00:*:*:*:*:*:*:*
OR
cpe:2.3:h:dlink:dir-842_c1:-:*:*:*:*:*:*:* |
| Added |
CPE Configuration |
|
AND
OR
*cpe:2.3:o:dlink:dir-890l_a1_firmware:1.03:*:*:*:*:*:*:*
OR
cpe:2.3:h:dlink:dir-890l_a1:-:*:*:*:*:*:*:* |
| Added |
CVSS V2 |
|
NIST (AV:N/AC:L/Au:N/C:C/I:C/A:C) |
| Added |
CVSS V3.1 |
|
NIST AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Added |
CWE |
|
NIST CWE-798 |
| Changed |
Reference Type |
https://github.com/ChandlerChin/Dlink_vuls/blob/master/A%20hard%20coded%20telnet%20user%20was%20discovered%20in%20multiple%20Dlink%20routers.pdf No Types Assigned |
https://github.com/ChandlerChin/Dlink_vuls/blob/master/A%20hard%20coded%20telnet%20user%20was%20discovered%20in%20multiple%20Dlink%20routers.pdf Exploit, Third Party Advisory |