Hard-Coded Password Vulnerability in D-LINK DIR-3040 Router
CVE-2021-21820

10CRITICAL

Key Information:

Vendor: D-Link
Status: D-link
Vendor: CVE Published:; 16 July 2021

Summary

A hard-coded password vulnerability exists in the Libcli Test Environment functionality of D-LINK DIR-3040 routers. By sending specially crafted network requests, an attacker can exploit this vulnerability to execute arbitrary code on the device, potentially compromising its functionality and security. Users are advised to review their network environments and apply necessary mitigations.

Affected Version(s)

D-Link D-LINK DIR-3040 1.13B03

References

https://talosintelligence.com/vulnerability_reports/TALOS...

x_refsource_MISC

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Jul 16, 2021
Vulnerability Reserved
Jan 4, 2021