Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-20132


Quagga Services on D-Link DIR-2640 less than or equal to version 1.11B02 use default hard-coded credentials, which can allow a remote attacker to gain administrative access to the zebra or ripd those services. Both are running with root privileges on the router (i.e., as the "admin" user, UID 0).


Published

2021-12-30T22:15:07.863

Last Modified

2024-11-21T05:45:59.093

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

CVSSv2 Vector

AV:A/AC:L/Au:N/C:C/I:C/A:C

  • Access Vector: ADJACENT_NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
Exploitability Score

6.5

Impact Score

10.0

Weaknesses
  • Type: Primary
    CWE-798

Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System dlink dir-2640-us_firmware ≤ 1.11b02 Yes
Hardware dlink dir-2640-us - No

References