CVE-2021-34204 Information

Description

D-Link DIR-2640-US 1.01B04 is affected by Insufficiently Protected Credentials. D-Link AC2600 (DIR-2640) stores the device system account password in plain text and does not use Linux user management. In addition, the passwords of all devices are the same, and normal users cannot modify them. An attacker can easily log in to the target router through the serial port and obtain root privileges.

CVSS Vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

https://www.dlink.com/en/security-bulletin/
http://d-link.com
https://github.com/liyansong2018/CVE/tree/main/2021/CVE-2021-34204
http://dir-2640-us.com

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

6.8

Base Severity

MEDIUM
