Quagga Services on D-Link DIR-2640 less than or equal to version 1.11B02 use default hard-coded credentials, which can allow a remote attacker to gain administrative access to the zebra or ripd those services. Both are running with root privileges on the router (i.e., as the "admin" user, UID 0).
2021-12-30T22:15:07.863
2024-11-21T05:45:59.093
Modified
CVSSv3.1: 8.8 (HIGH)
AV:A/AC:L/Au:N/C:C/I:C/A:C
6.5
10.0
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Operating System | dlink | dir-2640-us_firmware | ≤ 1.11b02 | Yes |
Hardware | dlink | dir-2640-us | - | No |