CVE-2026-4377 D-Link Corporation CVE debrief

Who should care

Network administrators managing D-Link DWR-X1820 routers, security teams responsible for edge device hardening, and organizations with remote or branch office deployments using this equipment.

Technical summary

The D-Link DWR-X1820 router firmware generates default administrative passwords using a deterministic algorithm based on the device's IMEI number. Because the IMEI is physically printed on the device and often visible on packaging, an attacker with brief physical access or photographic documentation can derive valid credentials. The attack requires adjacent network access (AV:A) and high complexity (AC:H) per CVSS 4.0, reflecting the need for IMEI acquisition and algorithm knowledge. The vulnerability is classified under CWE-1391 (Use of Weak Credentials).

Defensive priority

medium

Recommended defensive actions

• Inventory D-Link DWR-X1820 deployments and verify firmware version is 1.00B16CP or later
• Replace default credentials with strong, unique passwords regardless of firmware version
• Restrict administrative interface access to trusted management networks
• Monitor for unauthorized access attempts to router management interfaces
• Review device IMEI exposure in shipping materials, packaging, and physical security controls

Evidence notes

Evidence sources: NVD record (Awaiting Analysis status), CERT.PL advisory, and D-Link support page. CVSS 4.0 vector indicates attack vector adjacent (AV:A), high attack complexity (AC:H), and high confidentiality impact (VC:H). CWE-1391 (Use of Weak Credentials) is the primary weakness classification.

Official resources