Description
Dlink DWR-X1820 router uses weak default password generated from its IMEI number and does not require users to change it. An attacker who knows how passwords are generated can easily crack the default password if they have the device IMEI number.

This issue was fixed in version 1.00B16CP.
Published: 2026-05-28
Score: 6 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

D‑Link DWR‑X1820 routers generate a weak default administrator password derived from the device’s IMEI number and do not force users to change it. Because the derivation algorithm is simple, any individual who knows the IMEI can compute the password and gain unauthorized access to the router’s web interface, potentially allowing configuration changes or network traffic manipulation.

Affected Systems

All D‑Link DWR‑X1820 units running firmware versions earlier than 1.00B16CP are affected. The vulnerability exists on the router itself and on any services that can be managed through the default credentials.

Risk and Exploitability

The CVSS score of 6 indicates moderate severity. EPSS is not available and the vulnerability is not in CISA’s KEV catalog. The attack can be performed easily if an attacker can obtain the device’s IMEI or has local network access; typically the router’s management interface is only reachable from the LAN. If the router’s web interface is exposed to the internet, a remote attack is also possible. Based on the description, it is inferred that local network possession or remote exposure are the primary attack vectors, making exploitation practical for attackers in proximity or with internet reach to the device. The risk of exploitation is therefore non‑negligible for exposed or unprotected units.

Generated by OpenCVE AI on May 28, 2026 at 12:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the firmware to version 1.00B16CP or later as soon as possible.
  • After updating, set a strong, unique administrator password that is not derived from any device identifier.
  • Disable remote management features that are not essential for normal operation.

Generated by OpenCVE AI on May 28, 2026 at 12:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 30 May 2026 23:00:00 +0000

Type Values Removed Values Added
First Time appeared D-link
D-link dwr-x1820
Vendors & Products D-link
D-link dwr-x1820

Thu, 28 May 2026 12:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 28 May 2026 10:15:00 +0000

Type Values Removed Values Added
Description Dlink DWR-X1820 router uses weak default password generated from its IMEI number and does not require users to change it. An attacker who knows how passwords are generated can easily crack the default password if they have the device IMEI number. This issue was fixed in version 1.00B16CP.
Title Use of Weak Credentials in D-Link DWR-X1820 router
Weaknesses CWE-1391
References
Metrics cvssV4_0

{'score': 6, 'vector': 'CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

D-link Dwr-x1820
cve-icon MITRE

Status: PUBLISHED

Assigner: CERT-PL

Published:

Updated: 2026-05-28T12:02:42.626Z

Reserved: 2026-03-18T12:46:23.457Z

Link: CVE-2026-4377

cve-icon Vulnrichment

Updated: 2026-05-28T12:02:30.146Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-28T10:16:39.940

Modified: 2026-05-28T18:00:33.730

Link: CVE-2026-4377

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-30T21:19:16Z

Weaknesses