CVE-2021-3707

D-Link router DSL-2750U with firmware vME1.16 or prior versions is vulnerable to unauthorized configuration modification. An unauthenticated attacker on the local network may exploit this, with CVE-2021-3708, to execute any OS commands on the vulnerable device.

CVSS v3 5.5 MEDIUM
CVSS v2.0 2.1 LOW

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

2.1^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://github.com/HadiMed/firmware-analysis/blob/main/DSL-2750U%20%28firmware%20version%201.6%29/README.md
https://jvn.jp/en/vu/JVNVU92088210/	Third Party Advisory
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10230	Vendor Advisory
https://github.com/HadiMed/firmware-analysis/blob/main/DSL-2750U%20%28firmware%20version%201.6%29/README.md
https://jvn.jp/en/vu/JVNVU92088210/	Third Party Advisory
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10230	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:dlink:dsl-2750u_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dsl-2750u:-:*:*:*:*:*:*:*

History

21 Nov 2024, 06:22

Type	Values Removed	Values Added
References	~~() https://github.com/HadiMed/firmware-analysis/blob/main/DSL-2750U%20%28firmware%20version%201.6%29/README.md -~~	() https://github.com/HadiMed/firmware-analysis/blob/main/DSL-2750U%20%28firmware%20version%201.6%29/README.md -
References	~~() https://jvn.jp/en/vu/JVNVU92088210/ - Third Party Advisory~~	() https://jvn.jp/en/vu/JVNVU92088210/ - Third Party Advisory
References	~~() https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10230 - Vendor Advisory~~	() https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10230 - Vendor Advisory

07 Nov 2023, 03:38

Type	Values Removed	Values Added
References	{'url': 'https://github.com/HadiMed/firmware-analysis/blob/main/DSL-2750U%20(firmware%20version%201.6)/README.md', 'name': 'https://github.com/HadiMed/firmware-analysis/blob/main/DSL-2750U%20(firmware%20version%201.6)/README.md', 'tags': ['Third Party Advisory'], 'refsource': 'MISC'}	() https://github.com/HadiMed/firmware-analysis/blob/main/DSL-2750U%20%28firmware%20version%201.6%29/README.md -

Information

Published : 2021-08-16 05:15

Updated : 2024-11-21 06:22

NVD link : CVE-2021-3707

Mitre link : CVE-2021-3707

CVE.ORG link : CVE-2021-3707

JSON object : View

Products Affected

dlink

dsl-2750u_firmware
dsl-2750u

CWE

CWE-15

External Control of System or Configuration Setting

NVD-CWE-Other

5.5 /10

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

2.1 /10

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

JSON object

Attach tags to CVE-2021-3707

5.5^/10

2.1^/10

Attach tags to `CVE-2021-3707`