The NCCIC has released an advisory regarding the use of a password hash with insufficient computational effort vulnerability in Davolink DVW-3200N network switches. All versions of DVW-3200N prior to version 1.00.06 are affected. Successful exploitation of this vulnerability may result in a remote attacker obtaining the password to the device, as the device generates a weak password hash that is easily cracked. Currently there are no known public exploits; however, this vulnerability is remotely exploitable, and could be successfully exploited by an attacker with a low skill level. Davolink has produced a new firmware version for the device and recommends users apply updates as soon as possible. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of this vulnerability. NCCIC/ICS-CERT.
H2OSecCon 2025- a virtual security event for the water sector - happening May 20th. Register Now!