Davolink created new firmware to mitigate a "use of password hash with insufficient computational effort" vulnerability in its DVW-3200N, according to a report from NCCIC.
Successful exploitation of this remotely exploitable vulnerability, discovered by Ankit Anubhav of NewSky Security, may result in a remote attacker obtaining the password to the device.
All versions of the DVW-3200N, a networking switch, prior to Version 1.00.06 suffer from the issue.
The device generates a weak password hash that is easily cracked, allowing a remote attacker to obtain the password for the device.
CVE-2018-10618 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 9.8.
The product sees use mainly in the information technology sector, in Asia and Europe.
No known public exploits specifically target this vulnerability. However, an attacker with a low skill level could leverage the vulnerability.
South Korea-based Davolink produced a new firmware version for the device, available for download.