The NCCIC has released an advisory regarding the use of a password hash with insufficient computational effort vulnerability in Davolink DVW-3200N network switches. All versions of DVW-3200N prior to version 1.00.06 are affected. Successful exploitation of this vulnerability may result in a remote attacker obtaining the password to the device, as the device generates a weak password hash that is easily cracked. Currently there are no known public exploits; however, this vulnerability is remotely exploitable, and could be successfully exploited by an attacker with a low skill level. Davolink has produced a new firmware version for the device and recommends users apply updates as soon as possible. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of this vulnerability. NCCIC/ICS-CERT.
You are here
Related Resources
Jan 23, 2025 in Cybersecurity, in OT-ICS Security, in Federal & State Resources
Jan 23, 2025 in Cybersecurity, in Security Preparedness
Vulnerability Awareness – Joint Advisory on Ivanti Exploit Chains by Suspected Chinese Threat Actors
Jan 23, 2025 in Cybersecurity, in Federal & State Resources, in Security Preparedness
