Arbitrary Password Modification Vulnerability in D-LINK DSL-2888A Router
CVE-2021-33346

9.8CRITICAL

Key Information:

Vendor: D-Link
Status: Dsl-2888a Firmware
Vendor: CVE Published:; 24 June 2021

What is CVE-2021-33346?

The D-LINK DSL-2888A router is susceptible to an arbitrary password modification vulnerability that allows unauthorized users to alter the admin password. This security flaw can potentially lead to unauthorized access, enabling attackers to exploit the router's management interface. Users are advised to monitor their device's security and apply any available updates to mitigate risks associated with unauthorized access and maintain the integrity of their network configurations.

References

https://www.dlink.com/en/security-bulletin/

x_refsource_MISC

https://github.com/EmYiQing/CVE

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 24, 2021
Vulnerability Reserved
May 20, 2021

D-Link

What is CVE-2021-33346?

References

CVSS V3.1

Timeline