PT-2021-14794 · D Link · D-Link Dir-3040

Dave Mcdaniel

Published

2021-07-16

Updated

2022-07-29

CVE-2021-21818

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions D-LINK DIR-3040 version 1.13B03

Description A hard-coded password vulnerability exists in the Zebra IP Routing Manager functionality. This issue can be triggered by a specially crafted network request, potentially leading to a denial of service. An attacker can exploit this by sending a sequence of requests.

Recommendations For D-LINK DIR-3040 version 1.13B03, consider changing the hard-coded password in the Zebra IP Routing Manager functionality to prevent exploitation. As a temporary workaround, restrict access to the Zebra IP Routing Manager to minimize the risk of denial of service attacks.

Exploit

Fix

Using Hardcoded Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-259CWE-798

Related Identifiers

CVE-2021-21818

Affected Products

D-Link Dir-3040

PT-2021-14794 · D Link · D-Link Dir-3040

CVE-2021-21818

Weakness Enumeration

Related Identifiers

Affected Products

References · 4