CVE-2021-34203

D-Link DIR-2640-US 1.01B04 is vulnerable to Incorrect Access Control. Router ac2600 (dir-2640-us), when setting PPPoE, will start quagga process in the way of whole network monitoring, and this function uses the original default password and port. An attacker can easily use telnet to log in, modify routing information, monitor the traffic of all devices under the router, hijack DNS and phishing attacks. In addition, this interface is likely to be questioned by customers as a backdoor, because the interface should not be exposed.

CVSS v3 8.1 HIGH
CVSS v2.0 4.8 MEDIUM

8.1^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.2

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

4.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:A/AC:L/Au:N/C:P/I:P/A:N

Exploitability : 6.5 / Impact : 4.9

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://d-link.com	Vendor Advisory
http://dir-2640-us.com	Broken Link URL Repurposed
https://github.com/liyansong2018/CVE/tree/main/2021/CVE-2021-34203	Exploit Third Party Advisory
https://www.dlink.com/en/security-bulletin/	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:dlink:dir-2640-us_firmware:1.01b04:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dir-2640-us:-:*:*:*:*:*:*:*

History

14 Feb 2024, 01:17

Type	Values Removed	Values Added
References	~~(MISC) http://dir-2640-us.com - Broken Link~~	(MISC) http://dir-2640-us.com - Broken Link, URL Repurposed

Information

Published : 2021-06-16 20:15

Updated : 2024-02-28 18:28

NVD link : CVE-2021-34203

Mitre link : CVE-2021-34203

CVE.ORG link : CVE-2021-34203

JSON object : View

Products Affected

dlink

dir-2640-us_firmware
dir-2640-us

CWE

CWE-1188

Insecure Default Initialization of Resource

{"id": "CVE-2021-34203", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.8, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 6.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 2.8}]}, "published": "2021-06-16T20:15:07.610", "references": [{"url": "http://d-link.com", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://dir-2640-us.com", "tags": ["Broken Link", "URL Repurposed"], "source": "cve@mitre.org"}, {"url": "https://github.com/liyansong2018/CVE/tree/main/2021/CVE-2021-34203", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.dlink.com/en/security-bulletin/", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-1188"}]}], "descriptions": [{"lang": "en", "value": "D-Link DIR-2640-US 1.01B04 is vulnerable to Incorrect Access Control. Router ac2600 (dir-2640-us), when setting PPPoE, will start quagga process in the way of whole network monitoring, and this function uses the original default password and port. An attacker can easily use telnet to log in, modify routing information, monitor the traffic of all devices under the router, hijack DNS and phishing attacks. In addition, this interface is likely to be questioned by customers as a backdoor, because the interface should not be exposed."}, {"lang": "es", "value": "D-Link DIR-2640-US versi\u00f3n 1.01B04 es vulnerable al Control de Acceso Incorrecto. El router ac2600 (dir-2640-us), cuando se configura PPPoE, iniciar\u00e1 el proceso quagga en la manera de monitorizaci\u00f3n de toda la red, y esta funci\u00f3n usa la contrase\u00f1a y el puerto originales predeterminado. Un atacante puede usar f\u00e1cilmente telnet para iniciar sesi\u00f3n, modificar la informaci\u00f3n de enrutamiento, monitorear el tr\u00e1fico de todos los dispositivos bajo el router, secuestrar el DNS y los ataques de phishing. Adem\u00e1s, es probable que esta interfaz sea cuestionada por los clientes como una puerta trasera, ya que la interfaz no deber\u00eda estar expuesta"}], "lastModified": "2024-02-14T01:17:43.863", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dlink:dir-2640-us_firmware:1.01b04:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1E8DB0D1-B2E6-457A-A4A5-C6AE9EB82624"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dlink:dir-2640-us:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "894C2BD1-B610-4F15-864E-92D6B515488D"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}