Incorrect Access Control in D-Link DIR-2640-US Router
CVE-2021-34203
8.1 HIGH
What is CVE-2021-34203?
The D-Link DIR-2640-US router is vulnerable to an Incorrect Access Control issue that arises when the router is configured for PPPoE. This flaw allows the quagga process to be initiated, enabling potential attackers to gain access through telnet using the default password and port settings. Once compromised, an attacker can manipulate routing information, monitor all network traffic, and execute DNS hijacking or phishing attacks. Furthermore, the public exposure of this interface raises concerns about potential backdoors, as it is not intended to be accessible.