Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-34204

D-Link DIR-2640-US 1.01B04 is affected by Insufficiently Protected Credentials. D-Link AC2600(DIR-2640) stores the device system account password in plain text. It does not use linux user management. In addition, the passwords of all devices are the same, and they cannot be modified by normal users. An attacker can easily log in to the target router through the serial port and obtain root privileges.

Published

2021-06-16T20:15:07.647

Last Modified

2024-11-21T06:10:00.930

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.8 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

3.9

Impact Score

10.0

Weaknesses

Type: Primary
CWE-522

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	dlink	dir-2640-us_firmware	1.01b04	Yes
Hardware	dlink	dir-2640-us	-	No

References

http://d-link.com Broken Link ([email protected])
http://dir-2640-us.com Broken Link, URL Repurposed ([email protected])
https://github.com/liyansong2018/CVE/tree/main/2021/CVE-2021-34204 Exploit, Third Party Advisory ([email protected])
https://www.dlink.com/en/security-bulletin/ Vendor Advisory ([email protected])
http://d-link.com Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://dir-2640-us.com Broken Link, URL Repurposed (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/liyansong2018/CVE/tree/main/2021/CVE-2021-34204 Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.dlink.com/en/security-bulletin/ Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)