Information Disclosure in D-LINK DIR-3040 WiFi Smart Mesh Functionality
CVE-2021-21913

10CRITICAL

Key Information:

Vendor: D-Link
Status: D-link
Vendor: CVE Published:; 23 September 2021

What is CVE-2021-21913?

An information disclosure vulnerability is present in the WiFi Smart Mesh functionality of D-LINK DIR-3040 version 1.13B03. By crafting a specific network request, an attacker can exploit this weakness to achieve unauthorized command execution. This vulnerability allows malicious actors to connect to the MQTT service, potentially compromising the device and the network's integrity.

Affected Version(s)

D-Link D-LINK DIR-3040 1.13B03

References

https://talosintelligence.com/vulnerability_reports/TALOS...

x_refsource_MISC

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Sep 23, 2021
Vulnerability Reserved
Jan 4, 2021