10

CVE-2021-39615

Exploit

EPSS 2.27%
Published 23.08.2021 22:15:28
Last modified 21.11.2024 06:19:48
Source cve@mitre.org
Teams watchlist Login
Open Login

D-Link DSR-500N version 1.02 contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file.If an attacker succeeds in recovering the cleartext password of the identified hash value, he will be able to log in via SSH or Telnet and thus gain access to the underlying embedded Linux operating system on the device. Fixed in version 2.12/2. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

Affected products Warnungen 0 Metrics 3 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Dlink ≫ Dsr-500n Firmware Version1.02

Dlink ≫ Dsr-500n Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	2.27%	0.841

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

CWE-798 Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

https://www.dlink.com/en/security-bulletin/

Vendor Advisory

https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10235

Vendor Advisory

https://www.nussko.com/advisories/advisory-2021-08-02.txt

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2021-39615

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-39615

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-39615

EUVD