There are multiple out-of-bounds vulnerabilities in some processes of D-Link AC2600(DIR-2640) 1.01B04. Ordinary permissions can be elevated to administrator permissions, resulting in local arbitrary code execution. An attacker can combine other vulnerabilities to further achieve the purpose of remote code execution.
References
Link | Resource |
---|---|
http://d-link.com | Vendor Advisory |
http://dir-2640-us.com | Broken Link URL Repurposed |
https://github.com/liyansong2018/CVE/tree/main/2021/CVE-2021-34202 | Exploit Third Party Advisory |
https://www.dlink.com/en/security-bulletin/ | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
14 Feb 2024, 01:17
Type | Values Removed | Values Added |
---|---|---|
References | () http://dir-2640-us.com - Broken Link, URL Repurposed |
23 Jun 2021, 23:10
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:h:dlink:dir-2640-us:-:*:*:*:*:*:*:* cpe:2.3:o:dlink:dir-2640-us_firmware:1.01b04:*:*:*:*:*:*:* |
|
CWE | CWE-787 | |
CVSS |
v2 : v3 : |
v2 : 7.2
v3 : 7.8 |
References | (MISC) http://d-link.com - Vendor Advisory | |
References | (MISC) https://github.com/liyansong2018/CVE/tree/main/2021/CVE-2021-34202 - Exploit, Third Party Advisory | |
References | (MISC) http://dir-2640-us.com - Broken Link | |
References | (MISC) https://www.dlink.com/en/security-bulletin/ - Vendor Advisory |
16 Jun 2021, 19:17
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-06-16 19:15
Updated : 2024-02-14 01:17
NVD link : CVE-2021-34202
Mitre link : CVE-2021-34202
CVE.ORG link : CVE-2021-34202
JSON object : View
Products Affected
dlink
- dir-2640-us_firmware
- dir-2640-us
CWE
CWE-787
Out-of-bounds Write