CVE-2021-21818
https://notcve.org/view.php?id=CVE-2021-21818
A hard-coded password vulnerability exists in the Zebra IP Routing Manager functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to a denial of service. An attacker can send a sequence of requests to trigger this vulnerability. • https://talosintelligence.com/vulnerability_reports/TALOS-2021-1283 • CWE-259: Use of Hard-coded Password CWE-798: Use of Hard-coded Credentials
CVE-2021-21819
https://notcve.org/view.php?id=CVE-2021-21819
A code execution vulnerability exists in the Libcli Test Environment functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability. • https://talosintelligence.com/vulnerability_reports/TALOS-2021-1284 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-21820
https://notcve.org/view.php?id=CVE-2021-21820
A hard-coded password vulnerability exists in the Libcli Test Environment functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to code execution. An attacker can send a sequence of requests to trigger this vulnerability. • https://talosintelligence.com/vulnerability_reports/TALOS-2021-1285 • CWE-798: Use of Hard-coded Credentials
CVE-2021-34828
https://notcve.org/view.php?id=CVE-2021-34828
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the SOAPAction HTTP header. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length buffer. An attacker can leverage this vulnerability to execute code in the context of the device. • https://www.zerodayinitiative.com/advisories/ZDI-21-680 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-33346
https://notcve.org/view.php?id=CVE-2021-33346
There is an arbitrary password modification vulnerability in a D-LINK DSL-2888A router product. An attacker can use this vulnerability to modify the password of the admin user without authorization. • https://github.com/EmYiQing/CVE https://www.dlink.com/en/security-bulletin • CWE-306: Missing Authentication for Critical Function