Securin Zero-Days

CVE-2018-20432 – Hardcoded credentials in DLink CoVR-2600R Router

Severity:High

Vendor

DLink

Affected Product

COVR-3902_REVA_ROUTER_FIRMWARE_v1.01B0

CVE

CVE-2018-20432

Securin ID

2018-CSW-02-1019

Status

Fixed

Date

December 5, 2018

Description

The latest versions of the firmware have hardcoded default credentials that can be exploited by an unauthenticated attacker to gain privileged access to the firmware and to extract sensitive data.

 

Proof of Concept (POC):

Issuesย 

1. Download the firmware from the mentioned download URLs.

2. Extract the firmware using binwalk. โ€œbinwalk -e COVR-3902_ROUTER_v101b05.bin.โ€

Figure 1: Extracting a firmware

 

3. Go to โ€œcat ./etc/init0.d/S80telnetd.shโ€ to get a username

Figure 2: Clear text username as shown in screenshots

 

4. Go to โ€œcat ./etc/config/image_signโ€ to get a password