Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2021-21816 — Sensitive Information Exposure in Dlink Dir-3040 Firmware

CWE-200 — Sensitive Information Exposure CWE-922 — Insecure Storage of Sensitive Information6 documents5 sources

Severity

4.3MEDIUMNVD

EPSS

77.3%

top 1.02%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Dlink Dir-3040 Firmware

Timeline

PublishedJul 16

Latest updateMay 24

Description

An information disclosure vulnerability exists in the Syslog functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to the disclosure of sensitive information. An attacker can send an HTTP request to trigger this vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages1 packages

▶NVDdlink/dir-3040_firmware1.13b03

🔴Vulnerability Details

GHSA

GHSA-c5h4-7vc8-8w5m: An information disclosure vulnerability exists in the Syslog functionality of D-LINK DIR-3040 1↗2022-05-24

▶

CVEList

CVE-2021-21816: An information disclosure vulnerability exists in the Syslog functionality of D-LINK DIR-3040 1↗2021-07-16

▶

💥Exploits & PoCs

Nuclei

D-Link DIR-3040 1.13B03 - Information Disclosure

▶

🕵️Threat Intelligence

Talos

Vulnerability Spotlight: Multiple vulnerabilities in D-LINK DIR-3040↗2021-07-15

▶

Talos

Vulnerability Spotlight: Multiple vulnerabilities in D-LINK DIR-3040↗2021-07-15

▶