8.1

CVE-2021-34203

Exploit

EPSS 0.07%
Published 16.06.2021 20:15:07
Last modified 21.11.2024 06:10:00
Source cve@mitre.org
Teams watchlist Login
Open Login

D-Link DIR-2640-US 1.01B04 is vulnerable to Incorrect Access Control. Router ac2600 (dir-2640-us), when setting PPPoE, will start quagga process in the way of whole network monitoring, and this function uses the original default password and port. An attacker can easily use telnet to log in, modify routing information, monitor the traffic of all devices under the router, hijack DNS and phishing attacks. In addition, this interface is likely to be questioned by customers as a backdoor, because the interface should not be exposed.

Affected products Warnungen 0 Metrics 3 CWE 1 References 7

Data is provided by the National Vulnerability Database (NVD)

Dlink ≫ Dir-2640-us Firmware Version1.01b04

Dlink ≫ Dir-2640-us Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.07%	0.18

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.1	2.8	5.2	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
nvd@nist.gov	4.8	6.5	4.9	AV:A/AC:L/Au:N/C:P/I:P/A:N

CWE-1188 Initialization of a Resource with an Insecure Default

The product initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure.

https://www.dlink.com/en/security-bulletin/

Vendor Advisory

http://d-link.com

Vendor Advisory

http://dir-2640-us.com

Broken Link

URL Repurposed

https://github.com/liyansong2018/CVE/tree/main/2021/CVE-2021-34203

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2021-34203

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-34203

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-34203

EUVD