Dva 5592 Firmware
CVE-2018-17777
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
An issue was discovered on D-Link DVA-5592 A1_WI_20180823 devices. If the PIN of the page "/ui/cbpc/login" is the default Parental Control PIN (0000), it is possible to bypass the login form by editing the path of the cookie "sid" generated by the page. The attacker will have access to the router control panel with administrator privileges.
AnalysisAI
An issue was discovered on D-Link DVA-5592 A1_WI_20180823 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Improper Authentication (CWE-287), which allows attackers to bypass authentication mechanisms to gain unauthorized access. An issue was discovered on D-Link DVA-5592 A1_WI_20180823 devices. If the PIN of the page "/ui/cbpc/login" is the default Parental Control PIN (0000), it is possible to bypass the login form by editing the path of the cookie "sid" generated by the page. The attacker will have access to the router control panel with administrator privileges. Affected products include: Dlink Dva-5592 Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement multi-factor authentication, enforce strong password policies, use proven authentication frameworks.
More in Dva 5592 Firmware
View allThe web interface of the D-Link DVA-5592 20180823 is vulnerable to an authentication bypass that allows an unauthenticat
The web interface of the D-Link DVA-5592 20180823 is vulnerable to XSS because HTML form parameters are directly reflect
Same weakness CWE-287 – Improper Authentication
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today