CVE-2021-34204

Exploit

EPSS 0.06%
Veröffentlicht 16.06.2021 20:15:07
Zuletzt bearbeitet 21.11.2024 06:10:00
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

D-Link DIR-2640-US 1.01B04 is affected by Insufficiently Protected Credentials. D-Link AC2600(DIR-2640) stores the device system account password in plain text. It does not use linux user management. In addition, the passwords of all devices are the same, and they cannot be modified by normal users. An attacker can easily log in to the target router through the serial port and obtain root privileges.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Dlink ≫ Dir-2640-us Firmware Version1.01b04

Dlink ≫ Dir-2640-us Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.161

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.8	0.9	5.9	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

CWE-522 Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

https://www.dlink.com/en/security-bulletin/

Vendor Advisory

http://d-link.com

Broken Link

http://dir-2640-us.com

Broken Link

URL Repurposed

https://github.com/liyansong2018/CVE/tree/main/2021/CVE-2021-34204

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2021-34204

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-34204

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-34204

EUVD