Davolink Clears Network Switch Hole

Tuesday, July 31, 2018 @ 04:07 PM gHale

Davolink created new firmware to mitigate a vulnerability in its DVW-3200N involving the use of a password hash with insufficient computational effort, according to a report with NCCIC.

Successful exploitation of this remotely exploitable vulnerability, discovered by Ankit Anubhav of NewSky Security, may result in a remote attacker obtaining the password to the device.

All versions of the DVW-3200N, a networking switch, prior to Version 1.00.06 suffer from the issue.

In the vulnerability, the device generates a weak password hash that is easily cracked, allowing a remote attacker to obtain the password for the device.

CVE-2018-10618 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 9.8.

The product sees use mainly in the information technology sector, and it is deployed in Asia and Europe.

No known public exploits specifically target this vulnerability. However, an attacker with low skill level could leverage the vulnerability.

South Korea-based Davolink produced a new firmware version to download for the device.
