An authentication brute-force protection mechanism bypass in telnetd in D-Link Router model DIR-842 firmware version 3.0.2 allows a remote attacker to circumvent the anti-brute-force cool-down delay period via a timing-based side-channel attack
References
Link | Resource |
---|---|
https://blog.whtaguy.com/2021/05/d-link-router-cve-2021-27342.html | Exploit Third Party Advisory |
https://github.com/guywhataguy/D-Link-CVE-2021-27342-exploit/blob/main/dlink-telnet-exploit-CVE-2021-27342.py | Exploit Third Party Advisory |
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10225 | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
No history.
Information
Published : 2021-05-17 13:15
Updated : 2024-02-28 18:28
NVD link : CVE-2021-27342
Mitre link : CVE-2021-27342
CVE.ORG link : CVE-2021-27342
JSON object : View
Products Affected
dlink
- dir-842e_firmware
- dir-842e
CWE
CWE-203
Observable Discrepancy