CVE-2021-41441 — Improper Resource Shutdown or Release in Dlink Dir-x1860 Firmware

CWE-404 — Improper Resource Shutdown or Release3 documents3 sources

Severity

7.4HIGHNVD

EPSS

0.2%

top 53.78%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dlink Dir-x1860 Firmware

Timeline

PublishedFeb 9

Latest updateFeb 10

Description

A DoS attack in the web application of D-Link DIR-X1860 before v1.10WWB09_Beta allows a remote unauthenticated attacker to reboot the router via sending a specially crafted URL to an authenticated victim. The authenticated victim need to visit this URL, for the router to reboot.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:HExploitability: 2.8 | Impact: 4.0

Affected Packages1 packages

▶NVDdlink/dir-x1860_firmware1.03

Patches

Patch: supportannouncement.us.dlink.com ↗Patch: supportannouncement.us.dlink.com ↗

🔴Vulnerability Details

GHSA

GHSA-f7wq-7cmj-9wqj: A DoS attack in the web application of D-Link DIR-X1860 before v1↗2022-02-10

▶

CVEList

CVE-2021-41441: A DoS attack in the web application of D-Link DIR-X1860 before v1↗2022-02-09

▶