CVE-2021-34203

CWE-1188CWE-863Incorrect Authorization3 documents3 sources
Severity
8.1HIGH
EPSS
0.1%
top 78.87%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Dlink Dir-2640-us Firmware
Timeline
PublishedJun 16
Latest updateMay 24

Description

D-Link DIR-2640-US 1.01B04 is vulnerable to Incorrect Access Control. Router ac2600 (dir-2640-us), when setting PPPoE, will start quagga process in the way of whole network monitoring, and this function uses the original default password and port. An attacker can easily use telnet to log in, modify routing information, monitor the traffic of all devices under the router, hijack DNS and phishing attacks. In addition, this interface is likely to be questioned by customers as a backdoor, because th

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 2.8 | Impact: 5.2

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-gr4j-7v97-rrfc: D-Link DIR-2640-US 12022-05-24
CVEList
CVE-2021-34203: D-Link DIR-2640-US 12021-06-16
CVE-2021-34203 (HIGH CVSS 8.1) | D-Link DIR-2640-US 1.01B04 is vulne | cvebase.io