Search criteria
2 vulnerabilities found for DWR-X1820 by D-Link Corporation
CVE-2026-4377 (GCVE-0-2026-4377)
Vulnerability from nvd – Published: 2026-05-28 09:02 – Updated: 2026-05-28 12:02
VLAI
Title
Use of Weak Credentials in D-Link DWR-X1820 router
Summary
Dlink DWR-X1820 router uses weak default password generated from its IMEI number and does not require users to change it. An attacker who knows how passwords are generated can easily crack the default password if they have the device IMEI number.
This issue was fixed in version 1.00B16CP.
Severity
CWE
- CWE-1391 - Use of Weak Credentials
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://cert.pl/posts/2026/05/CVE-2026-4377 | third-party-advisory |
| https://www.dlink.com/pl/pl/products/dwr-1820-cp#… | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| D-Link Corporation | DWR-X1820 |
Affected:
1.00B14CP , < 1.00B16CP
(custom)
|
Date Public
2026-05-28 08:58
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-4377",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-28T12:01:49.404700Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-28T12:02:42.626Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DWR-X1820",
"vendor": "D-Link Corporation",
"versions": [
{
"lessThan": "1.00B16CP",
"status": "affected",
"version": "1.00B14CP",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Bart\u0142omiej W\u0142odarski"
}
],
"datePublic": "2026-05-28T08:58:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dlink\u0026nbsp;DWR-X1820 router uses weak default password generated from its IMEI number and does not require users to change it. An attacker who knows how passwords are generated can easily crack the default password if they have the device IMEI number.\u003cbr\u003e\u003cbr\u003eThis issue was fixed in version\u0026nbsp;1.00B16CP."
}
],
"value": "Dlink\u00a0DWR-X1820 router uses weak default password generated from its IMEI number and does not require users to change it. An attacker who knows how passwords are generated can easily crack the default password if they have the device IMEI number.\n\nThis issue was fixed in version\u00a01.00B16CP."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1391",
"description": "CWE-1391 Use of Weak Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-28T09:02:44.579Z",
"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"shortName": "CERT-PL"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://cert.pl/posts/2026/05/CVE-2026-4377"
},
{
"tags": [
"product"
],
"url": "https://www.dlink.com/pl/pl/products/dwr-1820-cp#support"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Use of Weak Credentials in D-Link DWR-X1820 router",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"assignerShortName": "CERT-PL",
"cveId": "CVE-2026-4377",
"datePublished": "2026-05-28T09:02:44.579Z",
"dateReserved": "2026-03-18T12:46:23.457Z",
"dateUpdated": "2026-05-28T12:02:42.626Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4377 (GCVE-0-2026-4377)
Vulnerability from cvelistv5 – Published: 2026-05-28 09:02 – Updated: 2026-05-28 12:02
VLAI
Title
Use of Weak Credentials in D-Link DWR-X1820 router
Summary
Dlink DWR-X1820 router uses weak default password generated from its IMEI number and does not require users to change it. An attacker who knows how passwords are generated can easily crack the default password if they have the device IMEI number.
This issue was fixed in version 1.00B16CP.
Severity
CWE
- CWE-1391 - Use of Weak Credentials
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://cert.pl/posts/2026/05/CVE-2026-4377 | third-party-advisory |
| https://www.dlink.com/pl/pl/products/dwr-1820-cp#… | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| D-Link Corporation | DWR-X1820 |
Affected:
1.00B14CP , < 1.00B16CP
(custom)
|
Date Public
2026-05-28 08:58
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-4377",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-28T12:01:49.404700Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-28T12:02:42.626Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DWR-X1820",
"vendor": "D-Link Corporation",
"versions": [
{
"lessThan": "1.00B16CP",
"status": "affected",
"version": "1.00B14CP",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Bart\u0142omiej W\u0142odarski"
}
],
"datePublic": "2026-05-28T08:58:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dlink\u0026nbsp;DWR-X1820 router uses weak default password generated from its IMEI number and does not require users to change it. An attacker who knows how passwords are generated can easily crack the default password if they have the device IMEI number.\u003cbr\u003e\u003cbr\u003eThis issue was fixed in version\u0026nbsp;1.00B16CP."
}
],
"value": "Dlink\u00a0DWR-X1820 router uses weak default password generated from its IMEI number and does not require users to change it. An attacker who knows how passwords are generated can easily crack the default password if they have the device IMEI number.\n\nThis issue was fixed in version\u00a01.00B16CP."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1391",
"description": "CWE-1391 Use of Weak Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-28T09:02:44.579Z",
"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"shortName": "CERT-PL"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://cert.pl/posts/2026/05/CVE-2026-4377"
},
{
"tags": [
"product"
],
"url": "https://www.dlink.com/pl/pl/products/dwr-1820-cp#support"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Use of Weak Credentials in D-Link DWR-X1820 router",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"assignerShortName": "CERT-PL",
"cveId": "CVE-2026-4377",
"datePublished": "2026-05-28T09:02:44.579Z",
"dateReserved": "2026-03-18T12:46:23.457Z",
"dateUpdated": "2026-05-28T12:02:42.626Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}