
CVSS: 7.2 • EPSS: 0% • CPEs: 2 • EXPL: 1

D-Link DIR-2640-US 1.01B04 is affected by Insufficiently Protected Credentials. D-Link AC2600(DIR-2640) stores the device system account password in plain text. It does not use Linux user management. In addition, the passwords of all devices are the same, and they cannot be modified by normal users. An attacker can easily log in to the target router through the serial port and obtain root privileges.
• http://d-link.com http://dir-2640-us.com https://github.com/liyansong2018/CVE/tree/main/2021/CVE-2021-34204 https://www.dlink.com/en/security-bulletin
• CWE-522: Insufficiently Protected Credentials

CVSS: 7.1 • EPSS: 0% • CPEs: 2 • EXPL: 1

D-Link DIR-2640-US 1.01B04 is vulnerable to Buffer Overflow. There are multiple out-of-bounds vulnerabilities in some processes of D-Link AC2600(DIR-2640). Local ordinary users can overwrite the global variables in the .bss section, causing the process to crash or change.
• http://d-link.com http://dir-2640-us.com https://github.com/liyansong2018/CVE/tree/main/2021/CVE-2021-34201 https://www.dlink.com/en/security-bulletin
• CWE-787: Out-of-bounds Write

CVSS: 8.1 • EPSS: 0% • CPEs: 2 • EXPL: 1

D-Link DIR-2640-US 1.01B04 is vulnerable to Incorrect Access Control. When PPPoE is set up, the AC2600 (DIR-2640-US) router starts the quagga process so that it listens on the whole network, and this function uses the original default password and port. An attacker can easily use telnet to log in, modify routing information, monitor the traffic of all devices under the router, hijack DNS, and carry out phishing attacks. In addition, this interface is likely to be questioned by customers as a backdoor, because the interface should not be exposed.
• http://d-link.com http://dir-2640-us.com https://github.com/liyansong2018/CVE/tree/main/2021/CVE-2021-34203 https://www.dlink.com/en/security-bulletin
• CWE-1188: Initialization of a Resource with an Insecure Default

CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 1

There are multiple out-of-bounds vulnerabilities in some processes of D-Link AC2600(DIR-2640) 1.01B04. Ordinary permissions can be elevated to administrator permissions, resulting in local arbitrary code execution. An attacker can combine this with other vulnerabilities to achieve remote code execution.
• http://d-link.com http://dir-2640-us.com https://github.com/liyansong2018/CVE/tree/main/2021/CVE-2021-34202 https://www.dlink.com/en/security-bulletin
• CWE-787: Out-of-bounds Write

CVSS: 8.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the SOAPAction HTTP header. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device.
• https://www.zerodayinitiative.com/advisories/ZDI-21-679
• CWE-121: Stack-based Buffer Overflow