CVE-2021-28839 Information
Jun 07, 2022
cve
Description
Null Pointer Dereference vulnerability exists in D-Link DAP-2310 2.07.RC031 DAP-2330 1.07.RC028 DAP-2360 2.07.RC043 DAP-2553 3.06.RC027 DAP-2660 1.13.RC074 DAP-2690 3.16.RC100 DAP-2695 1.17.RC063 DAP-3320 1.01.RC014 and DAP-3662 1.01.RC022 in the upload_certificate function of sbin/httpd binary. When the binary handle the specific HTTP GET request the strrchr in the upload_certificate function would take NULL as first argument and incur the NULL pointer dereference vulnerability.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Reference
https://www.dlink.com/en/security-bulletin/ https://github.com/zyw-200/EQUAFL/blob/main/dlink-email-cve.pdf https://github.com/zyw-200/EQUAFL/blob/main/dlink-email-cve2.pdf
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
NONE
Availability Impact
NONE
Base Score
HIGH
Base Severity
7.5
Share on: