Certain D-Link devices have a hardcoded Alphanetworks user account with TELNET access because of /etc/config/image_sign or /etc/alpha_config/image_sign. This affects DIR-600 B1 V2.01 for WW, DIR-890L A1 v1.03, DIR-615 J1 v100 (for DCN), DIR-645 A1 v1.03, DIR-815 A1 v1.01, DIR-823 A1 v1.01, and DIR-842 C1 v3.00.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HDlink Dir 600 B1
HWDlinkwszystkie wersjeDlink Dir 600 B1 Firmware
OSDlink2.01Dlink Dir 615 J1
HWDlinkwszystkie wersjeDlink Dir 615 J1 Firmware
OSDlink100Dlink Dir 645 A1
HWDlinkwszystkie wersjeDlink Dir 645 A1 Firmware
OSDlink1.03Dlink Dir 815 A1
HWDlinkwszystkie wersjeDlink Dir 815 A1 Firmware
OSDlink1.01Dlink Dir 823 A1
HWDlinkwszystkie wersjeDlink Dir 823 A1 Firmware
OSDlink1.01Dlink Dir 842 C1
HWDlinkwszystkie wersjeDlink Dir 842 C1 Firmware
OSDlink3.00Dlink Dir 890l A1
HWDlinkwszystkie wersjeDlink Dir 890l A1 Firmware
OSDlink1.03
Powiązane podatności
The WAN configuration page "wan.htm" on D-Link DIR-615 devices with firmware 20.06 can be accessed directly wi...
D-Link DIR-600 Rev Bx devices with v2.x firmware allow remote attackers to read passwords via a model/__show_i...
D-Link DNS-320L/325/327L/340L — zakodowane na stałe poświadczenia (hard-coded credentials)
OS Command injection vulnerability in D-Link DIR820LA1_FW105B03 allows attackers to escalate privileges to roo...
D-Link DSL-2750B devices before 1.05 allow remote unauthenticated command injection via the login.cgi cli para...