Quagga Services on D-Link DIR-2640 less than or equal to version 1.11B02 use default hard-coded credentials, which can allow a remote attacker to gain administrative access to the zebra or ripd those services. Both are running with root privileges on the router (i.e., as the "admin" user, UID 0).
References
Link | Resource |
---|---|
https://www.tenable.com/security/research/tra-2021-44 | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
12 Jan 2022, 20:03
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 8.3
v3 : 8.8 |
12 Jan 2022, 17:26
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-798 | |
References | (MISC) https://www.tenable.com/security/research/tra-2021-44 - Exploit, Third Party Advisory | |
First Time |
Dlink
Dlink dir-2640-us Dlink dir-2640-us Firmware |
|
CVSS |
v2 : v3 : |
v2 : 10.0
v3 : 9.8 |
CPE | cpe:2.3:o:dlink:dir-2640-us_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:dlink:dir-2640-us:-:*:*:*:*:*:*:* |
30 Dec 2021, 22:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-12-30 22:15
Updated : 2023-12-10 14:09
NVD link : CVE-2021-20132
Mitre link : CVE-2021-20132
CVE.ORG link : CVE-2021-20132
JSON object : View
Products Affected
dlink
- dir-2640-us
- dir-2640-us_firmware
CWE
CWE-798
Use of Hard-coded Credentials