Null Pointer Dereference Vulnerability in D-Link DIR-825 Router
CVE-2021-29296

7.5HIGH

Key Information:

Vendor: D-Link
Status: Dir-825 Firmware
Vendor: CVE Published:; 10 August 2021

What is CVE-2021-29296?

A null pointer dereference vulnerability exists in the D-Link DIR-825 router, specifically in version 2.10b02. This flaw allows a remote attacker to craft a specific HTTP request targeting the URL '/vct_wan', which triggers the device's httpd service to process a null argument in the strchr function. This erroneous action results in a segmentation fault, leading to a denial of service condition. Given that the DIR-825 model has reached its end-of-life status, no patch will be available to rectify this issue.

References

https://www.dlink.com/en/security-bulletin/

x_refsource_MISC

https://supportannouncement.us.dlink.com/announcement/pub...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 10, 2021
Vulnerability Reserved
Mar 29, 2021