CVE-2021-26709
D-Link DSL-320B-D1 Pre-Authentication Buffer Overflow
- Public Exploits: 1
- Exploited in Wild: -
Descriptions
D-Link DSL-320B-D1 devices through EU_1.25 are prone to multiple Stack-Based Buffer Overflows that allow unauthenticated remote attackers to take over a device via the login.xgi user and pass parameters. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
The D-Link DSL-320B-D1 ADSL modem suffers from multiple pre-authentication stack buffer overflow vulnerabilities.
SSVC
- Decision: -
Timeline
- 2021-02-05 CVE Reserved
- 2021-04-07 CVE Published
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- 2024-08-10 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-787: Out-of-bounds Write
References (4)
URL | Tag | Source |
---|---|---|
http://seclists.org/fulldisclosure/2021/Apr/15 | Mailing List | |

URL | Date | SRC |
---|---|---|
http://packetstormsecurity.com/files/162133/D-Link-DSL-320B-D1-Pre-Authentication-Buffer-Overflow.html | 2024-08-03 | |

URL | Date | SRC |
---|---|---|
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10216 | 2024-05-17 | |
https://www.dlink.com/en/security-bulletin | 2024-05-17 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | | Vendor | Product | Version | Other | Status |
---|---|---|---|---|---|---|---|---|---|---|
D-link | Dsl-320b-d1 | <= eu_1.25 | - | Affected | in | D-link | Dsl-320b-d1 | - | - | Safe |