CVE-2021-29296 — NULL Pointer Dereference in Dlink Dir-825 Firmware

CWE-476 — NULL Pointer Dereference3 documents3 sources
Severity
7.5HIGHNVD
EPSS
0.3%
top 50.23%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Dlink Dir-825 Firmware
Timeline
PublishedAug 10
Latest updateMay 24

Description

Null Pointer Dereference vulnerability in D-Link DIR-825 2.10b02, which could let a remote malicious user cause a denial of service. The vulnerability could be triggered by sending an HTTP request with URL /vct_wan; the sbin/httpd would invoke the strchr function and take NULL as a first argument, which finally leads to the segmentation fault. NOTE: The DIR-825 and all hardware revisions is considered End of Life and as such this issue will not be patched

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

â–¶NVDdlink/dir-825_firmware2.10b02

🔴Vulnerability Details

2
GHSA
GHSA-4gp5-h62v-pf2f: ** UNSUPPORTED WHEN ASSIGNED **Null Pointer Dereference vulnerability in D-Link DIR-825 2↗2022-05-24
â–¶
CVEList
CVE-2021-29296: Null Pointer Dereference vulnerability in D-Link DIR-825 2↗2021-08-10
â–¶
CVE-2021-29296 — NULL Pointer Dereference in Dlink | cvebase