A critical vulnerability in Davolink DVW-3200N was disclosed on July 31. CVE-2018-10618 has been assigned to this vulnerability and the CVSS v3 base score is 9.8. This device generates a weak password hash that is easy to crack, allowing a remote attacker to gain access to the device.

Reference: https://ics-cert.us-cert.gov/advisories/ICSA-18-212-01

Affected Versions

DVW-3200N version < 1.00.06

Unaffected Version

DVW-3200N version 1.00.06

Solution

Davolink has produced a new firmware version for the device that can be donloaded from: http://www.davolink.co.kr/sys/bbs/board.php?bo_table=0403&wr_id=50

Leave a Reply

Your email address will not be published. Required fields are marked *