CVE-2026-4377 MEDIUM

CVE-2026-4377: Use of Weak Credentials in D-Link DWR-X1820 router

Vendor D-Link Corporation
Product DWR-X1820
Weakness CWE-1391
Published May 28, 2026
Last update May 28, 2026

CVSS base score

6.0/10
Attack vector Adjacent
Attack complexity High
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Dlink DWR-X1820 router uses weak default password generated from its IMEI number and does not require users to change it. An attacker who knows how passwords are generated can easily crack the default password if they have the device IMEI number. This issue was fixed in version 1.00B16CP.

Key dates

02Disclosure timeline

May 28, 2026 CVE published
May 28, 2026 Record updated