Davolink DVW-3200N
Act Now | 9.8 | ICS-CERT ICSA-18-212-01 | Jul 31, 2018
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
The DVW-3200N contains a vulnerability that allows remote attackers to obtain the device password without authentication or any user interaction. Successful exploitation grants the attacker full administrative access to the device. The vulnerability is in the password protection/storage mechanism of the device management interface.
What this means
What could happen
An attacker who reaches this device remotely can extract the admin password, giving them full control to modify device settings or cause operational disruptions. This is a critical risk if the DVW-3200N manages network access or routing for your control system.
Who's at risk
Water and wastewater utilities, electric substations, and other critical infrastructure operators using Davolink DVW-3200N network devices (routers, switches, or network appliances). Any facility where this device controls or routes SCADA/telemetry traffic should prioritize remediation.
How it could be exploited
An attacker on the network sends a crafted request to the DVW-3200N's management interface (port 80/443 likely). The device fails to protect the password storage mechanism, allowing the attacker to retrieve the credentials without authentication or any special access—the flaw is in how the device stores or transmits the password itself.
Prerequisites
- Network access to the DVW-3200N management interface (HTTP/HTTPS)
- Device must be reachable from attacker's network segment
- No authentication required
Tags: remotely exploitable; no authentication required; low complexity; high EPSS score (18.5%); affects control system access; credential theft enables full device compromise
Exploitability
High exploit probability (EPSS 18.5%)
Affected products (1)
Product | Affected Versions | Fix Status
DVW-3200N: all | < 1.00.06 | 1.00.06
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to the DVW-3200N management interface—block all inbound HTTP/HTTPS traffic except from authorized engineering workstations
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Update DVW-3200N firmware to version 1.00.06 or later from the Davolink support portal
Long-term hardening
HARDENING: Isolate DVW-3200N on a separate, air-gapped management VLAN with firewall rules blocking access from the business network and Internet
HARDENING: If remote access is required, enforce access through a VPN with current patches and strong authentication
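Added example (not part of the advisory, and not Davolink or ICS-CERT tooling): a Python triage over an asset inventory that applies the two checks above, firmware below 1.00.06 and management access allowed from sources other than the authorized engineering workstations. The inventory records, device names, field names and addresses are constructed for illustration.

```python
import ipaddress

FIXED = (1, 0, 6)  # fixed firmware named in the advisory: 1.00.06

# Constructed sample inventory; names, fields and addresses are assumptions.
INVENTORY = [
    {"name": "pump-station-gw", "firmware": "1.00.05", "mgmt_allowed_from": ["0.0.0.0/0"]},
    {"name": "substation-gw", "firmware": "1.00.06", "mgmt_allowed_from": ["10.20.5.10/32"]},
    {"name": "lab-gw", "firmware": "unknown", "mgmt_allowed_from": ["10.20.5.0/28"]},
]
WORKSTATIONS = ["10.20.5.0/28"]  # constructed: authorized engineering workstations

def parse_version(text):
    """'1.00.05' -> (1, 0, 5); None if the string is not dotted digits."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def is_affected(version_text):
    """True below 1.00.06; unparseable versions fail closed as affected."""
    v = parse_version(version_text)
    if v is None:
        return True
    width = max(len(v), len(FIXED))
    v, fixed = (t + (0,) * (width - len(t)) for t in (v, FIXED))
    return v < fixed

def excess_sources(allowed, workstations):
    """Allowed management sources not contained in any authorized network."""
    auth = [ipaddress.ip_network(w) for w in workstations]
    nets = [(src, ipaddress.ip_network(src)) for src in allowed]
    return [src for src, n in nets
            if not any(n.version == a.version and n.subnet_of(a) for a in auth)]

def triage(inventory, workstations):
    """Return [(device name, [actions])] for devices needing remediation."""
    findings = []
    for dev in inventory:
        actions = []
        extra = excess_sources(dev["mgmt_allowed_from"], workstations)
        if extra:
            actions.append("restrict management access, currently open to: " + ", ".join(extra))
        if is_affected(dev["firmware"]):
            actions.append("update firmware to 1.00.06 or later")
        if actions:
            findings.append((dev["name"], actions))
    return findings

if __name__ == "__main__":
    for name, actions in triage(INVENTORY, WORKSTATIONS):
        print(name, "->", "; ".join(actions))
```

A device whose firmware string cannot be parsed is reported as affected, so missing inventory data surfaces as work to do instead of being silently passed.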
CVEs (1)