Published: 16/06/2021 Updated: 14/02/2024

CVSS v2 Base Score: 4.8 | Impact Score: 4.9 | Exploitability Score: 6.5

CVSS v3 Base Score: 8.1 | Impact Score: 5.2 | Exploitability Score: 2.8

VMScore: 427

Vector: AV:A/AC:L/Au:N/C:P/I:P/A:N

D-Link DIR-2640-US 1.01B04 is vulnerable to Incorrect Access Control. Router ac2600 (dir-2640-us), when setting PPPoE, will start quagga process in the way of whole network monitoring, and this function uses the original default password and port. An attacker can easily use telnet to log in, modify routing information, monitor the traffic of all devices under the router, hijack DNS and phishing attacks. In addition, this interface is likely to be questioned by customers as a backdoor, because the interface should not be exposed.

Vulnerable Product	Search on Vulmon	Subscribe to Product
dlink dir-2640-us_firmware 1.01b04

Simulate firmware with one click of firmadyne (使用 firmadyne 一键模拟固件)

Firmware Analysis Plus (Fap) 👉 English 上游项目支持：binwalk、firmadyne、firmware-analysis-toolkit firmware-analysis-plus（Fap）主要用于常见路由器固件的仿真，可以进行固件的安全测试。感谢以下开源项目：binwalk 提供优秀的固件提取 API，firmadyne 提供优秀的固件仿真核心支持，firmware-analysis-toolkit 提�

CWE-1188 https://www.dlink.com/en/security-bulletin/http://d-link.com http://dir-2640-us.com https://github.com/liyansong2018/CVE/tree/main/2021/CVE-2021-34203 https://nvd.nist.gov https://github.com/liyansong2018/firmware-analysis-plus

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2021-34203

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect