Daniel Nussko

#11108of 53,632
24.8Total CVSS
Vulnerabilities · 3
Medium
1
Critical
2
PT-2021-22677
9.8
2021-08-23
D Link · D-Link Dvg-3104Ms · CVE-2021-39613
Name of the Vulnerable Software and Affected Versions: D-Link DVG-3104MS versions 1.0.2.0.3 through 1.0.2.0.4E Description: The issue concerns hard-coded credentials for undocumented user accounts in the '/etc/passwd' file. Weak passwords have been used, allowing plaintext passwords to be recovered from the hash values. This issue only affects products that are no longer supported by the maintainer. Recommendations: For D-Link DVG-3104MS versions 1.0.2.0.3 through 1.0.2.0.4E, consider changing the hard-coded credentials and passwords to stronger ones to minimize the risk of exploitation. As a temporary workaround, restrict access to the '/etc/passwd' file until a more permanent solution can be applied. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2021-22678
5.0
2021-08-23
D Link · D-Link Dvx-2000Ms · CVE-2021-39614
Name of the Vulnerable Software and Affected Versions: D-Link DVX-2000MS (affected versions not specified) Description: The issue concerns hard-coded credentials for undocumented user accounts in the '/etc/passwd' file. Due to the use of weak passwords, it is possible to recover the plaintext passwords from the hash values. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2021-4449
10
2021-08-23
D Link · Dsr-500N · CVE-2021-39615
**Name of the Vulnerable Software and Affected Versions** D-Link DSR-500N version 1.02 D-Link DSR-500N versions prior to 2.12/2 **Description** The issue is related to hard-coded credentials for undocumented user accounts in the '/etc/passwd' file. If an attacker recovers the cleartext password of the identified hash value, they can log in via SSH or Telnet and gain access to the underlying embedded Linux operating system on the device. **Recommendations** For D-Link DSR-500N version 1.02, update to version 2.12/2 to resolve the issue. For D-Link DSR-500N versions prior to 2.12/2, update to version 2.12/2 to resolve the issue. As a temporary workaround, consider restricting access to the '/etc/passwd' file and limiting SSH and Telnet connections to minimize the risk of exploitation.