#VU13007 Privilege escalation (backdoor) in DIR-620 - CVE-2018-6213
Published: May 24, 2018
Vulnerability identifier: #VU13007
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2018-6213
CWE-ID: CWE-798
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
DIR-620
DIR-620
Software vendor:
D-Link
D-Link
Description
The vulnerability allows a remote attacker to gain elevated privileges on the target system.
The weakness exist due use of hardcoded default credentials for web dashboard. A remote attacker can use a backdoor account to gain privileged access to the firmware, extract sensitive data, e.g., configuration files with plain-text passwords, run arbitrary JavaScript code in the user environment and run arbitrary commands in the router’s operating system (OS).
Successful exploitation of the vulnerability may result in system compromise.
Remediation
To mitigate the issues Kaspersky recommends:
- Restrict any access to the web dashboard using a whitelist of trusted IPs
- Restrict any access to Telnet
- Regularly change your router admin username and password.