CVE-2021-28838
published 2021-08-10CVE-2021-28838: Null pointer dereference vulnerability in D-Link DAP-2310 2,10RC039, DAP-2330 1.10RC036 BETA, DAP-2360 2.10RC055, DAP-2553 3.10rc039 BETA, DAP-2660 1.15rc131b…
high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
Null pointer dereference vulnerability in D-Link DAP-2310 2,10RC039, DAP-2330 1.10RC036 BETA, DAP-2360 2.10RC055, DAP-2553 3.10rc039 BETA, DAP-2660 1.15rc131b, DAP-2690 3.20RC115 BETA, DAP-2695 1.20RC093, DAP-3320 1.05RC027 BETA and DAP-3662 1.05rc069 in the sbin/httpd binary. The crash happens at the `atoi' operation when a specific network package are sent to the httpd binary.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dlink | dap-2310_firmware | <= 2.10rc039 | — |
| dlink | dap-2330_firmware | < 1.10rc036 | 1.10rc036 |
| dlink | dap-2330_firmware | — | — |
| dlink | dap-2360_firmware | <= 2.10rc055 | — |
| dlink | dap-2553_firmware | < 3.10rc039 | 3.10rc039 |
| dlink | dap-2553_firmware | — | — |
| dlink | dap-2660_firmware | <= 1.15rc131b | — |
| dlink | dap-2690_firmware | < 3.20rc115 | 3.20rc115 |
| dlink | dap-2690_firmware | — | — |
| dlink | dap-2695_firmware | <= 1.20rc093 | — |
| dlink | dap-3320_firmware | < 1.05rc027 | 1.05rc027 |
| dlink | dap-3320_firmware | — | — |
| dlink | dap-3662_firmware | < 1.05rc069 | 1.05rc069 |
| dlink | dap-3662_firmware | — | — |