Remote Administrative Access Vulnerability in D-Link Router
CVE-2021-20132

8.8 HIGH

Key Information:

Vendor: D-Link
CVE Published: 30 December 2021

Summary

The Quagga services on D-Link DIR-2640 routers prior to version 1.11B02 use default hard-coded credentials. An unauthorized remote attacker can use these credentials to gain administrative access to services such as zebra or ripd, both of which run with elevated privileges. With that access the attacker can change the router's configuration and functions, potentially leading to further exploits or disruptions.

Affected Version(s)

Quagga Services on D-Link DIR-2640 Routers <= 1.11B02

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
