Sign-up

ID

VAR-201806-1493


CVE

CVE-2018-6213


TITLE

D-Link DIR-620 Vulnerabilities related to the use of hard-coded credentials in device firmware

Trust: 0.8

sources: JVNDB: JVNDB-2018-006570

DESCRIPTION

In the web server on D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, there is a hardcoded password of anonymous for the admin account. D-Link DIR-620 Device firmware contains a vulnerability related to the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. D-linkDIR-620 is a wireless router product of D-Link. Webserver is one of the web servers. A security vulnerability exists in the Webserver in D-LinkDIR-620 that originated from a hard-coded password in the admin account. An attacker could exploit this vulnerability to obtain sensitive data. Products using the following firmware versions are affected: firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, 2.0.22

Trust: 2.34

sources: NVD: CVE-2018-6213 // JVNDB: JVNDB-2018-006570 // CNVD: CNVD-2018-12852 // VULHUB: VHN-136245 // VULMON: CVE-2018-6213

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-12852

AFFECTED PRODUCTS

vendor:d linkmodel:dir-620scope:eqversion:1.0.3

Trust: 3.0

vendor:d linkmodel:dir-620scope:eqversion:1.0.37

Trust: 3.0

vendor:d linkmodel:dir-620scope:eqversion:1.3.1

Trust: 3.0

vendor:d linkmodel:dir-620scope:eqversion:1.3.3

Trust: 3.0

vendor:d linkmodel:dir-620scope:eqversion:1.3.7

Trust: 3.0

vendor:d linkmodel:dir-620scope:eqversion:1.4.0

Trust: 3.0

vendor:d linkmodel:dir-620scope:eqversion:2.0.22

Trust: 3.0

sources: CNVD: CNVD-2018-12852 // JVNDB: JVNDB-2018-006570 // CNNVD: CNNVD-201806-1063 // NVD: CVE-2018-6213

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-6213
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-6213
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2018-12852
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201806-1063
value: CRITICAL

Trust: 0.6

VULHUB: VHN-136245
value: HIGH

Trust: 0.1

VULMON: CVE-2018-6213
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-6213
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2018-12852
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-136245
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-6213
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-12852 // VULHUB: VHN-136245 // VULMON: CVE-2018-6213 // JVNDB: JVNDB-2018-006570 // CNNVD: CNNVD-201806-1063 // NVD: CVE-2018-6213

PROBLEMTYPE DATA

problemtype:CWE-798

Trust: 1.9

sources: VULHUB: VHN-136245 // JVNDB: JVNDB-2018-006570 // NVD: CVE-2018-6213

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201806-1063

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201806-1063

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-006570

PATCH
title:D-Link DIR-620url:http://www.dlink.ru/mn/products/5/1357.html
Trust: 0.8
title:BleepingComputerurl:https://www.bleepingcomputer.com/news/security/backdoor-account-found-in-d-link-dir-620-routers/
Trust: 0.1
sources:
            
            
            VULMON: CVE-2018-6213 // 
            
            
            
            JVNDB: JVNDB-2018-006570

EXTERNAL IDS
db:NVDid:CVE-2018-6213
Trust: 3.2
db:JVNDBid:JVNDB-2018-006570
Trust: 0.8
db:CNNVDid:CNNVD-201806-1063
Trust: 0.7
db:CNVDid:CNVD-2018-12852
Trust: 0.6
db:VULHUBid:VHN-136245
Trust: 0.1
db:VULMONid:CVE-2018-6213
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-12852 // 
            
            
            
            VULHUB: VHN-136245 // 
            
            
            
            VULMON: CVE-2018-6213 // 
            
            
            
            JVNDB: JVNDB-2018-006570 // 
            
            
            
            CNNVD: CNNVD-201806-1063 // 
            
            
            
            NVD: CVE-2018-6213

REFERENCES
url:https://securelist.com/backdoors-in-d-links-backyard/85530/
Trust: 2.6
url:http://www.securitynewspaper.com/2018/05/25/d-link-dir-620-routers-critical-vulnerabilities/
Trust: 2.4
url:https://www.bleepingcomputer.com/news/security/backdoor-account-found-in-d-link-dir-620-routers/
Trust: 1.9
url:https://securityaffairs.co/wordpress/72839/hacking/d-link-dir-620-flaws.html
Trust: 1.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-6213
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-6213
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/798.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-12852 // 
            
            
            
            VULHUB: VHN-136245 // 
            
            
            
            VULMON: CVE-2018-6213 // 
            
            
            
            JVNDB: JVNDB-2018-006570 // 
            
            
            
            CNNVD: CNNVD-201806-1063 // 
            
            
            
            NVD: CVE-2018-6213

SOURCES
db:CNVDid:CNVD-2018-12852
db:VULHUBid:VHN-136245
db:VULMONid:CVE-2018-6213
db:JVNDBid:JVNDB-2018-006570
db:CNNVDid:CNNVD-201806-1063
db:NVDid:CVE-2018-6213

LAST UPDATE DATE
2024-11-23T23:02:08.006000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-12852date:2018-07-11T00:00:00
db:VULHUBid:VHN-136245date:2018-08-11T00:00:00
db:VULMONid:CVE-2018-6213date:2018-08-11T00:00:00
db:JVNDBid:JVNDB-2018-006570date:2018-08-24T00:00:00
db:CNNVDid:CNNVD-201806-1063date:2023-04-27T00:00:00
db:NVDid:CVE-2018-6213date:2024-11-21T04:10:18.860

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-12852date:2018-07-11T00:00:00
db:VULHUBid:VHN-136245date:2018-06-20T00:00:00
db:VULMONid:CVE-2018-6213date:2018-06-20T00:00:00
db:JVNDBid:JVNDB-2018-006570date:2018-08-24T00:00:00
db:CNNVDid:CNNVD-201806-1063date:2018-06-21T00:00:00
db:NVDid:CVE-2018-6213date:2018-06-20T16:29:00.437