Home

Description

Dlink DWR-X1820 router uses weak default password generated from its IMEI number and does not require users to change it. An attacker who knows how passwords are generated can easily crack the default password if they have the device IMEI number. This issue was fixed in version 1.00B16CP.

PUBLISHED Reserved 2026-03-18 | Published 2026-05-28 | Updated 2026-05-28 | Assigner CERT-PL




MEDIUM: 6.0CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-1391 Use of Weak Credentials

Product status

Default status
unaffected

1.00B14CP (custom) before 1.00B16CP
affected

Credits

Bartłomiej Włodarski finder

References

cert.pl/posts/2026/05/CVE-2026-4377 third-party-advisory

www.dlink.com/pl/pl/products/dwr-1820-cp product

cve.org (CVE-2026-4377)

nvd.nist.gov (CVE-2026-4377)

Download JSON