Davolink created new firmware to mitigate a "use of password hash with insufficient computational effort" vulnerability in its DVW-3200N, according to a report with NCCIC.

Successful exploitation of this remotely exploitable vulnerability, discovered by Ankit Anubhav of NewSky Security, may result in a remote attacker obtaining the password to the device.

All versions of the DVW-3200N, a networking switch, prior to Version 1.00.06 suffer from the issue.

In the vulnerability, the device generates a weak password hash that is easily cracked, allowing a remote attacker to obtain the password for the device.
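As an added illustration of this vulnerability class (not Davolink's code; the report does not say which hash the device uses), the sketch below stores passwords with a salted, deliberately slow key derivation function and flags stored records whose work factor is too low. PBKDF2-HMAC-SHA256, the record format and the 600,000-iteration floor are assumptions chosen for the example.

```python
import hashlib
import hmac
import os

SCHEME = "pbkdf2_sha256"
MIN_ITERATIONS = 600_000  # assumed policy floor; raise it as hardware gets faster

def hash_password(password, iterations=MIN_ITERATIONS):
    """Return 'scheme$iterations$salt_hex$hash_hex' with a fresh random salt."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"{SCHEME}${iterations}${salt.hex()}${dk.hex()}"

def _parse(record):
    """Split a stored record; return None for legacy or malformed formats."""
    parts = record.split("$")
    if len(parts) != 4 or parts[0] != SCHEME:
        return None
    try:
        iterations = int(parts[1])
        salt, dk = bytes.fromhex(parts[2]), bytes.fromhex(parts[3])
    except ValueError:
        return None
    return (iterations, salt, dk) if iterations > 0 else None

def verify_password(password, record):
    """Recompute the derived key with the record's own salt and cost."""
    parsed = _parse(record)
    if parsed is None:
        return False
    iterations, salt, expected = parsed
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(dk, expected)  # constant-time comparison

def needs_rehash(record):
    """True when the work factor is below policy or the format is legacy."""
    parsed = _parse(record)
    return parsed is None or parsed[0] < MIN_ITERATIONS

def audit(store):
    """Return account names whose stored hash should be upgraded at next login."""
    return sorted(name for name, rec in store.items() if needs_rehash(rec))

if __name__ == "__main__":
    # Constructed sample store, not data from the device.
    store = {
        "admin": hashlib.sha256(b"example-password").hexdigest(),  # bare fast digest
        "operator": hash_password("example-password", iterations=1_000),
        "auditor": hash_password("example-password"),
    }
    print(audit(store))
```
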

CVE-2018-10618 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 9.8.

The product sees use mainly in the information technology sector, and it sees action in Asia and Europe.

No known public exploits specifically target this vulnerability. However, an attacker with low skill level could leverage the vulnerability.

South Korea-based Davolink produced a new firmware version to download for the device.
