CVE-2026-4377

Use of Weak Credentials in D-Link DWR-X1820 router

CVSS 6 MEDIUMEPSS 0.1%CWE-1391

Dlink DWR-X1820 router uses weak default password generated from its IMEI number and does not require users to change it. An attacker who knows how passwords are generated can easily crack the default password if they have the device IMEI number. This issue was fixed in version 1.00B16CP.

CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Affected products

D-Link Corporation · DWR-X1820

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://cert.pl/posts/2026/05/CVE-2026-4377 https://www.dlink.com/pl/pl/products/dwr-1820-cp#support