CVE-2021-39613

Name of the Vulnerable Software and Affected Versions: D-Link DVG-3104MS versions 1.0.2.0.3 through 1.0.2.0.4E

Description: The issue concerns hard-coded credentials for undocumented user accounts in the '/etc/passwd' file. Weak passwords have been used, allowing plaintext passwords to be recovered from the hash values. This issue only affects products that are no longer supported by the maintainer.

Recommendations: For D-Link DVG-3104MS versions 1.0.2.0.3 through 1.0.2.0.4E, consider changing the hard-coded credentials and passwords to stronger ones to minimize the risk of exploitation. As a temporary workaround, restrict access to the '/etc/passwd' file until a more permanent solution can be applied. At the moment, there is no information about a newer version that contains a fix for this vulnerability.