CVE-2021-29295NULL Pointer Dereference in Dlink Dsp-w215 Firmware

CWE-476NULL Pointer Dereference3 documents3 sources
Severity
7.5HIGHNVD
EPSS
0.4%
top 36.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Dlink Dsp-w215 Firmware
Timeline
PublishedAug 10
Latest updateMay 24

Description

Null Pointer Dereference vulnerability exists in D-Link DSP-W215 1.10, which could let a remote malicious user cause a denial of servie via usr/bin/lighttpd. It could be triggered by sending an HTTP request without URL in the start line directly to the device. NOTE: The DSP-W215 and all hardware revisions is considered End of Life and as such this issue will not be patched

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-qrj4-928f-f3h2: ** UNSUPPORTED WHEN ASSIGNED **Null Pointer Dereference vulnerability exists in D-Link DSP-W215 12022-05-24
CVEList
CVE-2021-29295: Null Pointer Dereference vulnerability exists in D-Link DSP-W215 12021-08-10
CVE-2021-29295 — NULL Pointer Dereference in Dlink | cvebase