CVE-2021-39615

Name of the Vulnerable Software and Affected Versions D-Link DSR-500N version 1.02 D-Link DSR-500N versions prior to 2.12/2

Description The issue is related to hard-coded credentials for undocumented user accounts in the '/etc/passwd' file. If an attacker recovers the cleartext password of the identified hash value, they can log in via SSH or Telnet and gain access to the underlying embedded Linux operating system on the device.

Recommendations For D-Link DSR-500N version 1.02, update to version 2.12/2 to resolve the issue. For D-Link DSR-500N versions prior to 2.12/2, update to version 2.12/2 to resolve the issue. As a temporary workaround, consider restricting access to the '/etc/passwd' file and limiting SSH and Telnet connections to minimize the risk of exploitation.