Null Pointer Dereference Vulnerability in D-Link DSL-2740R Router
CVE-2021-29294

7.5HIGH

Key Information:

Vendor: D-Link
Status: Dsl-2740r Firmware
Vendor: CVE Published:; 10 August 2021

What is CVE-2021-29294?

A null pointer dereference vulnerability exists in the D-Link DSL-2740R router, specifically in the function responsible for handling HNAP requests. A remote attacker could exploit this vulnerability by sending a specially crafted POST request to the HNAP1 endpoint, potentially leading to a denial of service condition. It is important to note that the DSL-2740R and all its hardware revisions have reached their end of life, and thus no patch or fix will be provided for this issue.

References

https://www.dlink.com/en/security-bulletin/

x_refsource_MISC

https://supportannouncement.us.dlink.com/announcement/pub...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 10, 2021
Vulnerability Reserved
Mar 29, 2021

CVE-2021-29294 Data

JSON