Out-of-Bounds Vulnerabilities in D-Link AC2600 Router
CVE-2021-34202

7.8HIGH

Key Information:

Vendor
D-Link
Status
Dir-2640-us Firmware
Vendor
CVE Published:
16 June 2021

Summary

The D-Link AC2600 (DIR-2640) is susceptible to multiple out-of-bounds vulnerabilities which could allow attackers to elevate their permissions from ordinary user to administrator level. Exploiting these vulnerabilities may enable local arbitrary code execution, and when combined with further security flaws, may lead to remote code execution. Users of the affected firmware version are urged to apply security updates to mitigate potential risks.

References

http://d-link.com
x_refsource_MISC
https://www.dlink.com/en/security-bulletin/
x_refsource_MISC
http://dir-2640-us.com
x_refsource_MISC

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.