VYPR
Medium severity · NVD Advisory · Published May 28, 2026

CVE-2026-4377

Description

The D-Link DWR-X1820 router uses a weak default password generated from its IMEI number and does not require users to change it. An attacker who knows how passwords are generated can easily crack the default password if they have the device's IMEI number.

This issue was fixed in version 1.00B16CP.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

D-Link DWR-X1820 default password derived from IMEI is weak and unchanging, enabling attackers with IMEI knowledge to access the device.

Vulnerability

The D-Link DWR-X1820 router uses a weak default password that is generated from its IMEI number and does not require users to change it [2]. The affected versions are 1.00B14CP through 1.00B16CP [2]. An attacker who understands the password generation algorithm can derive the default password if they obtain the device's IMEI.

Exploitation

An attacker requires knowledge of the password generation algorithm (which is deterministic based on the IMEI) and access to the device's IMEI. The IMEI can be obtained through physical access, network scanning, or social engineering. No prior authentication is needed: the default password works out of the box and stays valid for as long as the user has not changed it, which the device never requires. The attacker can then log into the router's administrative interface using the derived credentials.

Impact

Successful exploitation allows the attacker to gain full administrative access to the router. This could lead to unauthorized configuration changes, interception of network traffic, denial of service, or use of the device as a pivot for further attacks on the local network.

Mitigation

The vulnerability is fixed in firmware version 1.00B16CP [2]. Users should update their routers to this version immediately. If updating is not possible, users should manually change the default password to a strong, unique password. Note that the product may be end-of-life and no longer supported by the manufacturer in certain regions [1].

AI Insight generated on May 28, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
