CVE-2021-20133

Quagga Services on D-Link DIR-2640 less than or equal to version 1.11B02 are affected by an absolute path traversal vulnerability that allows a remote, authenticated attacker to set the "message of the day" banner to any file on the system, allowing them to read all or some of the contents of those files. Such sensitive information as hashed credentials, hardcoded plaintext passwords for other services, configuration files, and private keys can be disclosed in this fashion. Improper handling of filenames that identify virtual resources, such as "/dev/urandom" allows an attacker to effect a denial of service attack against the command line interfaces of the Quagga services (zebra and ripd).

CVSS v3 6.1 MEDIUM
CVSS v2.0 7.1 HIGH

6.1^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.9 / Impact : 5.2

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

7.1^/10

CVSS v2.0 : HIGH

Vector : AV:A/AC:L/Au:S/C:C/I:N/A:C

Exploitability : 5.1 / Impact : 9.2

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
https://www.tenable.com/security/research/tra-2021-44	Exploit Third Party Advisory
https://www.tenable.com/security/research/tra-2021-44	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:dlink:dir-2640-us_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dir-2640-us:-:*:*:*:*:*:*:*

History

21 Nov 2024, 05:45

Type	Values Removed	Values Added
References	~~() https://www.tenable.com/security/research/tra-2021-44 - Exploit, Third Party Advisory~~	() https://www.tenable.com/security/research/tra-2021-44 - Exploit, Third Party Advisory

Information

Published : 2021-12-30 22:15

Updated : 2024-11-21 05:45

NVD link : CVE-2021-20133

Mitre link : CVE-2021-20133

CVE.ORG link : CVE-2021-20133

JSON object : View

Products Affected

dlink

dir-2640-us
dir-2640-us_firmware

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2021-20133", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.1, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:S/C:C/I:N/A:C", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 9.2, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 5.1, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 0.9}]}, "published": "2021-12-30T22:15:08.230", "references": [{"url": "https://www.tenable.com/security/research/tra-2021-44", "tags": ["Exploit", "Third Party Advisory"], "source": "vulnreport@tenable.com"}, {"url": "https://www.tenable.com/security/research/tra-2021-44", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Quagga Services on D-Link DIR-2640 less than or equal to version 1.11B02 are affected by an absolute path traversal vulnerability that allows a remote, authenticated attacker to set the \"message of the day\" banner to any file on the system, allowing them to read all or some of the contents of those files. Such sensitive information as hashed credentials, hardcoded plaintext passwords for other services, configuration files, and private keys can be disclosed in this fashion. Improper handling of filenames that identify virtual resources, such as \"/dev/urandom\" allows an attacker to effect a denial of service attack against the command line interfaces of the Quagga services (zebra and ripd)."}, {"lang": "es", "value": "Los servicios de Quagga en los DIR-2640 de D-Link menores o iguales a versi\u00f3n 1.11B02, est\u00e1n afectados por una vulnerabilidad de salto de ruta absoluto que permite a un atacante remoto y autenticado establecer el banner \"message of the day\" en cualquier archivo del sistema, permiti\u00e9ndole leer todo o parte del contenido de esos archivos. De este modo, puede revelarse informaci\u00f3n confidencial como credenciales con hash, contrase\u00f1as en texto plano embebidas para otros servicios, archivos de configuraci\u00f3n y claves privadas. El manejo inapropiado de los nombres de archivo que identifican recursos virtuales, como \"/dev/urandom\", permite a un atacante realizar un ataque de denegaci\u00f3n de servicio contra las interfaces de l\u00ednea de comandos de los servicios Quagga (zebra y ripd).\n"}], "lastModified": "2024-11-21T05:45:59.200", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dlink:dir-2640-us_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ACE0B76E-0581-4A2B-92D2-A1D7A93B098E", "versionEndIncluding": "1.11b02"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dlink:dir-2640-us:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "894C2BD1-B610-4F15-864E-92D6B515488D"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "vulnreport@tenable.com"}