CVE-2021-34203
https://notcve.org/view.php?id=CVE-2021-34203
D-Link DIR-2640-US 1.01B04 is vulnerable to Incorrect Access Control. When PPPoE is configured, the AC2600 router (DIR-2640-US) starts the quagga process in a whole-network monitoring mode, and this function uses the original default password and port. An attacker can easily use telnet to log in, modify routing information, monitor the traffic of all devices under the router, hijack DNS, and carry out phishing attacks. In addition, customers are likely to regard this interface as a backdoor, because it should not be exposed.
• References: http://d-link.com http://dir-2640-us.com https://github.com/liyansong2018/CVE/tree/main/2021/CVE-2021-34203 https://www.dlink.com/en/security-bulletin
• CWE-1188: Initialization of a Resource with an Insecure Default
CVE-2021-34202
https://notcve.org/view.php?id=CVE-2021-34202
There are multiple out-of-bounds vulnerabilities in some processes of D-Link AC2600 (DIR-2640) 1.01B04. Ordinary permissions can be elevated to administrator permissions, resulting in local arbitrary code execution. An attacker can combine these with other vulnerabilities to achieve remote code execution.
• References: http://d-link.com http://dir-2640-us.com https://github.com/liyansong2018/CVE/tree/main/2021/CVE-2021-34202 https://www.dlink.com/en/security-bulletin
• CWE-787: Out-of-bounds Write