CVE-2021-34204

CWE-522Insufficiently Protected Credentials3 documents3 sources
Severity
6.8MEDIUM
EPSS
0.1%
top 80.92%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Dlink Dir-2640-us Firmware
Timeline
PublishedJun 16
Latest updateMay 24

Description

D-Link DIR-2640-US 1.01B04 is affected by Insufficiently Protected Credentials. D-Link AC2600(DIR-2640) stores the device system account password in plain text. It does not use linux user management. In addition, the passwords of all devices are the same, and they cannot be modified by normal users. An attacker can easily log in to the target router through the serial port and obtain root privileges.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 0.9 | Impact: 5.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-m45q-r6x2-5q77: D-Link DIR-2640-US 12022-05-24
CVEList
CVE-2021-34204: D-Link DIR-2640-US 12021-06-16
CVE-2021-34204 (MEDIUM CVSS 6.8) | D-Link DIR-2640-US 1.01B04 is affec | cvebase.io