CVE-2022-1262
https://notcve.org/view.php?id=CVE-2022-1262
A command injection vulnerability in the protest binary allows an attacker with access to the remote command line interface to execute arbitrary commands as root. Una vulnerabilidad de inyección de comandos en el binario de protesta permite a un atacante con acceso a la interfaz de línea de comandos remota ejecutar comandos arbitrarios como root • https://www.tenable.com/security/research/tra-2022-09 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2021-34204
https://notcve.org/view.php?id=CVE-2021-34204
D-Link DIR-2640-US 1.01B04 is affected by Insufficiently Protected Credentials. D-Link AC2600(DIR-2640) stores the device system account password in plain text. It does not use linux user management. In addition, the passwords of all devices are the same, and they cannot be modified by normal users. An attacker can easily log in to the target router through the serial port and obtain root privileges. • http://d-link.com http://dir-2640-us.com https://github.com/liyansong2018/CVE/tree/main/2021/CVE-2021-34204 https://www.dlink.com/en/security-bulletin • CWE-522: Insufficiently Protected Credentials •
CVE-2021-34201
https://notcve.org/view.php?id=CVE-2021-34201
D-Link DIR-2640-US 1.01B04 is vulnerable to Buffer Overflow. There are multiple out-of-bounds vulnerabilities in some processes of D-Link AC2600(DIR-2640). Local ordinary users can overwrite the global variables in the .bss section, causing the process crashes or changes. D-Link DIR-2640-US versión 1.01B04 es vulnerable al Desbordamiento del Búfer. Se presentan múltiples vulnerabilidades de desbordamiento de búfer en algunos procesos de D-Link AC2600(DIR-2640). • http://d-link.com http://dir-2640-us.com https://github.com/liyansong2018/CVE/tree/main/2021/CVE-2021-34201 https://www.dlink.com/en/security-bulletin • CWE-787: Out-of-bounds Write •
CVE-2021-34203
https://notcve.org/view.php?id=CVE-2021-34203
D-Link DIR-2640-US 1.01B04 is vulnerable to Incorrect Access Control. Router ac2600 (dir-2640-us), when setting PPPoE, will start quagga process in the way of whole network monitoring, and this function uses the original default password and port. An attacker can easily use telnet to log in, modify routing information, monitor the traffic of all devices under the router, hijack DNS and phishing attacks. In addition, this interface is likely to be questioned by customers as a backdoor, because the interface should not be exposed. D-Link DIR-2640-US versión 1.01B04 es vulnerable al Control de Acceso Incorrecto. • http://d-link.com http://dir-2640-us.com https://github.com/liyansong2018/CVE/tree/main/2021/CVE-2021-34203 https://www.dlink.com/en/security-bulletin • CWE-1188: Initialization of a Resource with an Insecure Default •
CVE-2021-34202
https://notcve.org/view.php?id=CVE-2021-34202
There are multiple out-of-bounds vulnerabilities in some processes of D-Link AC2600(DIR-2640) 1.01B04. Ordinary permissions can be elevated to administrator permissions, resulting in local arbitrary code execution. An attacker can combine other vulnerabilities to further achieve the purpose of remote code execution. Se presentan múltiples vulnerabilidades fuera de límites en algunos procesos de D-Link AC2600(DIR-2640) versión 1.01B04. Los permisos ordinarios pueden ser elevados a permisos de administrador, resultando en una ejecución de código arbitrario local. • http://d-link.com http://dir-2640-us.com https://github.com/liyansong2018/CVE/tree/main/2021/CVE-2021-34202 https://www.dlink.com/en/security-bulletin • CWE-787: Out-of-bounds Write •