CVE-2021-34204

Exploit

EPSS 0.06%
Published 16.06.2021 20:15:07
Last modified 21.11.2024 06:10:00
Source cve@mitre.org
Teams watchlist Login
Open Login

D-Link DIR-2640-US 1.01B04 is affected by Insufficiently Protected Credentials. D-Link AC2600(DIR-2640) stores the device system account password in plain text. It does not use linux user management. In addition, the passwords of all devices are the same, and they cannot be modified by normal users. An attacker can easily log in to the target router through the serial port and obtain root privileges.

Affected products Warnungen 0 Metrics 3 CWE 1 References 7

Data is provided by the National Vulnerability Database (NVD)

Dlink ≫ Dir-2640-us Firmware Version1.01b04

Dlink ≫ Dir-2640-us Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.06%	0.161

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.8	0.9	5.9	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

CWE-522 Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

https://www.dlink.com/en/security-bulletin/

Vendor Advisory

http://d-link.com

Broken Link

http://dir-2640-us.com

Broken Link

URL Repurposed

https://github.com/liyansong2018/CVE/tree/main/2021/CVE-2021-34204

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2021-34204

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-34204

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-34204

EUVD