Support Announcements
COVR-2600R & COVR-3902 Kit :: CVE-2018-20432 :: Hard-Coded Credential Discovered in Router Firmware 1.01B05 and older

Overview  

 

In December 2018, D-Link became aware of a report by a third-party security researcher that the COVR-2600R, the router device included with the COVR-3902 Kit, has hard-coded passwords in its firmware. D-Link investigated immediately, since new extended QA testing, designed to discover hard-coded credentials, is performed on the firmware prior to shipment. D-Link found that the reported firmware was approved prior to implementation of our new testing; subsequent releases were corrected. The report was confirmed and a patch released.

 

3rd Party Report: 

 

Arjun Basnet of CSW Research Lab :: disclose _at_  cybersecurityworks _dot_ com

CVE-2018-20432: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20432

NIST : https://nvd.nist.gov/vuln/detail/CVE-2018-20432

 

Details

 

Please contact CSW Research Lab for a detailed report on how they discovered the credentials.

 

In addition to addressing this report, this firmware includes additional fixes for bugs and security issues discovered in the previously released firmware.


 

Affected Products and Fixes:

 

This firmware update requires a two-step update. The new final firmware is encrypted. To perform the upgrade, users should first load COVR-2600R_FW101b05beta_firmwareencryption_20190107_middle.bin, then load the final firmware COVR-2600R_FW101b05beta_firmwareencryption_20190107.bin.

 

| Model | Revision | Affected FW | Fixed FW | Last Updated |
|---|---|---|---|---|
| COVR-2600R | All A Revisions | v1.01B05 | v1.01b05Beta01 | 02/12/2019 |

 

 

Regarding Security patch for your D-Link Devices
 
Firmware updates address the security vulnerabilities in affected D-Link devices. D-Link will update this continually, and we strongly recommend that all users install the relevant updates.
 
As there are different hardware revisions of our products, please check the revision of your device before downloading the corresponding firmware update. The hardware revision information can usually be found on the product label on the underside of the product, next to the serial number. Alternatively, it can also be found in the device web configuration.