CVE-2021-34203

Severity Score

8.1

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

D-Link DIR-2640-US 1.01B04 is vulnerable to Incorrect Access Control. Router ac2600 (dir-2640-us), when setting PPPoE, will start quagga process in the way of whole network monitoring, and this function uses the original default password and port. An attacker can easily use telnet to log in, modify routing information, monitor the traffic of all devices under the router, hijack DNS and phishing attacks. In addition, this interface is likely to be questioned by customers as a backdoor, because the interface should not be exposed.

D-Link DIR-2640-US versión 1.01B04 es vulnerable al Control de Acceso Incorrecto. El router ac2600 (dir-2640-us), cuando se configura PPPoE, iniciará el proceso quagga en la manera de monitorización de toda la red, y esta función usa la contraseña y el puerto originales predeterminado. Un atacante puede usar fácilmente telnet para iniciar sesión, modificar la información de enrutamiento, monitorear el tráfico de todos los dispositivos bajo el router, secuestrar el DNS y los ataques de phishing. Además, es probable que esta interfaz sea cuestionada por los clientes como una puerta trasera, ya que la interfaz no debería estar expuesta

*Credits: N/A

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

Attack Vector

Adjacent

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2021-06-07 CVE Reserved
2021-06-16 CVE Published
2024-01-21 EPSS Updated
2024-08-04 CVE Updated
2024-08-04 First Exploit
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-1188: Initialization of a Resource with an Insecure Default

CAPEC

References (4)

URL	Tag	Source
http://dir-2640-us.com	Broken Link

URL	Date	SRC
https://github.com/liyansong2018/CVE/tree/main/2021/CVE-2021-34203	2024-08-04

URL	Date	SRC

URL	Date	SRC
http://d-link.com	2024-02-14
https://www.dlink.com/en/security-bulletin	2024-02-14

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Dlink Search vendor "Dlink"	Dir-2640-us Firmware Search vendor "Dlink" for product "Dir-2640-us Firmware"	1.01b04 Search vendor "Dlink" for product "Dir-2640-us Firmware" and version "1.01b04"	-	Affected	in	Dlink Search vendor "Dlink"	Dir-2640-us Search vendor "Dlink" for product "Dir-2640-us"	-	-	Safe