PT-2021-5244 · D-Link · D-Link DIR-2640-US

Liyansong2018 · Published 2021-02-08 · Updated 2024-02-14 · CVE-2021-34204

CVSS v2.0: 7.2 (High)
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: D-Link DIR-2640-US version 1.01B04
Description: The issue is related to insufficiently protected credentials. The D-Link AC2600 (DIR-2640) stores the device system account password in plain text and does not use Linux user management. Furthermore, all devices ship with the same password, which normal users cannot change. An attacker with access to the serial port (a direct, physical connection to the board, consistent with the AV:L vector above) can log in to the target router and obtain root privileges.
Recommendations: For D-Link DIR-2640-US version 1.01B04, there is at present no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider disabling access to the serial port, or at least restricting physical access to the device, to minimize the risk of exploitation; because the password cannot be changed by normal users, limiting who can reach the board is the only mitigation available to an end user. Restricting root privileges until a proper fix is available is also advisable.
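As an added example (not code from the advisory, from Positive Technologies, or from D-Link), the following Python script shows how a firmware analyst would triage an extracted root filesystem for this class of weakness: it classifies each password field of passwd/shadow-style files as hashed, plaintext, empty or locked, flags additional UID-0 accounts, and reports credential values that recur across several firmware images, which is the tell-tale sign of a static password that is not generated per device. The account files embedded in the script are constructed for illustration and are not taken from DIR-2640 firmware; the image names fw-A, fw-B and fw-C and the account contents are placeholders.

```python
"""Firmware credential triage: flag plaintext, empty or shared system-account passwords.

Constructed sample data; NOT the contents of any D-Link firmware image.
"""
import re
from collections import defaultdict

# crypt(3)-style hash: "$id$salt$hash" (MD5 $1$, SHA-256 $5$, SHA-512 $6$, ...)
# or a legacy 13-character DES hash. Anything else in the password field is
# treated as plaintext. Caveat: a 13-character alphanumeric plaintext password
# is indistinguishable from a DES hash by shape alone.
CRYPT_RE = re.compile(r"^(\$[0-9a-z]+\$[^:]+|[./0-9A-Za-z]{13})$")


def parse_passwd(text):
    """Return [(user, password_field, uid_or_None)] from passwd/shadow-style text."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 2:
            continue
        uid = int(fields[2]) if len(fields) >= 3 and fields[2].isdigit() else None
        entries.append((fields[0], fields[1], uid))
    return entries


def classify_pwfield(pwfield):
    """Classify a password field as empty, locked-or-shadowed, hashed or plaintext."""
    if pwfield == "":
        return "empty"
    if pwfield in ("x", "*", "!", "!!"):
        return "locked-or-shadowed"
    if CRYPT_RE.match(pwfield):
        return "hashed"
    return "plaintext"


def audit_image(name, passwd_text):
    """Findings for one image: (image, user, finding, uid).

    Flags plaintext and empty password fields, and any UID-0 account other than
    root (a hidden second superuser is common in vendor firmware).
    """
    findings = []
    for user, pw, uid in parse_passwd(passwd_text):
        kind = classify_pwfield(pw)
        if kind in ("plaintext", "empty"):
            findings.append((name, user, kind, uid))
        if uid == 0 and user != "root":
            findings.append((name, user, "extra-uid0", uid))
    return findings


def shared_secrets(images):
    """Return {secret: [(image, user), ...]} for password fields seen in more than one image.

    An identical plaintext value, or an identical salt+hash, across different
    firmware images means the credential is static rather than per device.
    """
    seen = defaultdict(list)
    for name, text in images.items():
        for user, pw, _ in parse_passwd(text):
            if classify_pwfield(pw) in ("plaintext", "hashed"):
                seen[pw].append((name, user))
    return {s: locs for s, locs in seen.items() if len({n for n, _ in locs}) > 1}


# Constructed sample /etc/passwd contents for three hypothetical images.
SAMPLE_IMAGES = {
    "fw-A": "root:Passw0rd:0:0:root:/root:/bin/sh\nadmin:Passw0rd:0:0::/:/bin/sh\n",
    "fw-B": "root:Passw0rd:0:0:root:/root:/bin/sh\nnobody:*:65534:65534::/:/bin/false\n",
    "fw-C": "root:$1$abc$xyz:0:0:root:/root:/bin/sh\n",
}


def main():
    for name, text in SAMPLE_IMAGES.items():
        for finding in audit_image(name, text):
            print("finding:", finding)
    for secret, locs in shared_secrets(SAMPLE_IMAGES).items():
        print("shared credential %r used by %s" % (secret, locs))


if __name__ == "__main__":
    main()
```

To use it on a real target, replace SAMPLE_IMAGES with the contents of etc/passwd and etc/shadow read from each unpacked rootfs (for example after extraction with a firmware unpacker); a plaintext field on a UID-0 account, or one hash repeated across every image of a product line, is exactly the condition this advisory describes.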

Exploit

Weakness Enumeration
Insufficiently Protected Credentials

Related Identifiers
BDU:2021-06048
CVE-2021-34204

Affected Products
D-Link AC2600
D-Link DIR-2640-US