CVE-2018-20432 – Hardcoded credentials in DLink CoVR-2600R Router
Severity:High
Vendor
DLink
Affected Product
COVR-3902_REVA_ROUTER_FIRMWARE_v1.01B0
CVE
CVE-2018-20432
Securin ID
2018-CSW-02-1019
Status
Fixed
Date
December 5, 2018
Description
The latest versions of the firmware have hardcoded default credentials that can be exploited by an unauthenticated attacker to gain privileged access to the firmware and to extract sensitive data.
Proof of Concept (POC):
Issuesย
1. Download the firmware from the mentioned download URLs.
2. Extract the firmware using binwalk. โbinwalk -e COVR-3902_ROUTER_v101b05.bin.โ
Figure 1: Extracting a firmware
3. Go to โcat ./etc/init0.d/S80telnetd.shโ to get a username
Figure 2: Clear text username as shown in screenshots
4. Go to โcat ./etc/config/image_signโ to get a password