CVE-2021-34203
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
16/06/2021
Last modified:
14/02/2024
Description
D-Link DIR-2640-US 1.01B04 is vulnerable to Incorrect Access Control. Router ac2600 (dir-2640-us), when setting PPPoE, will start quagga process in the way of whole network monitoring, and this function uses the original default password and port. An attacker can easily use telnet to log in, modify routing information, monitor the traffic of all devices under the router, hijack DNS and phishing attacks. In addition, this interface is likely to be questioned by customers as a backdoor, because the interface should not be exposed.
Impact
Base Score 3.x
8.10
Severity 3.x
HIGH
Base Score 2.0
4.80
Severity 2.0
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:o:dlink:dir-2640-us_firmware:1.01b04:*:*:*:*:*:*:* | ||
cpe:2.3:h:dlink:dir-2640-us:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page