Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-34202

There are multiple out-of-bounds vulnerabilities in some processes of D-Link AC2600(DIR-2640) 1.01B04. Ordinary permissions can be elevated to administrator permissions, resulting in local arbitrary code execution. An attacker can combine other vulnerabilities to further achieve the purpose of remote code execution.

Published

2021-06-16T19:15:39.263

Last Modified

2024-11-21T06:10:00.570

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

3.9

Impact Score

10.0

Weaknesses

Type: Primary
CWE-787

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	dlink	dir-2640-us_firmware	1.01b04	Yes
Hardware	dlink	dir-2640-us	-	No

References

http://d-link.com Vendor Advisory ([email protected])
http://dir-2640-us.com Broken Link, URL Repurposed ([email protected])
https://github.com/liyansong2018/CVE/tree/main/2021/CVE-2021-34202 Exploit, Third Party Advisory ([email protected])
https://www.dlink.com/en/security-bulletin/ Vendor Advisory ([email protected])
http://d-link.com Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://dir-2640-us.com Broken Link, URL Repurposed (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/liyansong2018/CVE/tree/main/2021/CVE-2021-34202 Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.dlink.com/en/security-bulletin/ Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)