Remote Administrative Access Vulnerability in D-Link Router
CVE-2021-20132

8.8HIGH

Key Information:

Vendor: D-Link
Status: Quagga Services On D-link Dir-2640 Routers
Vendor: CVE Published:; 30 December 2021

What is CVE-2021-20132?

The Quagga Services on D-Link DIR-2640 routers prior to version 1.11B02 utilize default hard-coded credentials. This vulnerability can enable an unauthorized remote attacker to breach security, gaining administrative access to important services like zebra or ripd, both operating with elevated privileges. Such access allows the attacker to manipulate the router's configurations and functions, potentially leading to further exploits or disruptions.

Affected Version(s)

Quagga Services on D-Link DIR-2640 Routers <= 1.11B02

References

https://www.tenable.com/security/research/tra-2021-44

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 30, 2021
Vulnerability Reserved
Dec 17, 2020