Vulnerability CVE-2021-34204


Published: 2021-06-16   Modified: 2021-06-17

Description:
D-Link DIR-2640-US 1.01B04 is affected by Insufficiently Protected Credentials. D-Link AC2600 (DIR-2640) stores the device system account password in plain text. It does not use Linux user management. In addition, the passwords of all devices are the same, and they cannot be modified by normal users. An attacker can easily log in to the target router through the serial port and obtain root privileges.

Type:
CWE-522 (Insufficiently Protected Credentials)

CVSS2 => (AV:L/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score: 7.2/10
Impact Subscore: 10/10
Exploitability Subscore: 3.9/10

Exploit range: Local
Attack complexity: Low
Authentication: Not required

Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

References:
https://www.dlink.com/en/security-bulletin/
http://d-link.com
https://github.com/liyansong2018/CVE/tree/main/2021/CVE-2021-34204
http://dir-2640-us.com

Copyright 2021, cxsecurity.com

 
