
CVE-2021-27342

 

Severity Score

5.9
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

3
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

An authentication brute-force protection mechanism bypass in telnetd in D-Link Router model DIR-842 firmware version 3.0.2 allows a remote attacker to circumvent the anti-brute-force cool-down delay period via a timing-based side-channel attack.


*Credits: N/A
CVSS Scores
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: High
Availability: None

Attack Vector: Network
Attack Complexity: Medium
Authentication: None
Confidentiality: None
Integrity: Partial
Availability: None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation: -
Automatable: -
Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2021-02-16 CVE Reserved
  • 2021-05-15 First Exploit
  • 2021-05-17 CVE Published
  • 2024-08-03 CVE Updated
  • 2024-11-06 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-203: Observable Discrepancy
CAPEC
Affected Vendors, Products, and Versions
Vendor     Product             Version    Other   Status
Dlink      Dir-842e Firmware   <= 3.0.2   -       Affected
in Dlink   Dir-842e            r1         -       Safe