CVE-2021-3707

5.5MEDIUM

Key Information:

Vendor
D-link
Status
Dsl-2750u
Vendor
CVE Published:
16 August 2021

Badges

πŸ‘Ύ Exploit Exists🟑 Public PoC

Summary

D-Link router DSL-2750U with firmware vME1.16 or prior versions is vulnerable to unauthorized configuration modification. An unauthenticated attacker on the local network may exploit this, with CVE-2021-3708, to execute any OS commands on the vulnerable device.

Affected Version(s)

DSL-2750U firmware vME1.16 or prior versions

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

DSL-2750U-Full-chain
Created by HadiMed

References

https://github.com/HadiMed/firmware-analysis/blob/main/DS...
x_refsource_MISC
https://supportannouncement.us.dlink.com/announcement/pub...
x_refsource_CONFIRM
https://jvn.jp/en/vu/JVNVU92088210/
third-party-advisoryx_refsource_JVN

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

  • 🟑

    Public PoC available

  • πŸ‘Ύ

    Exploit known to exist

.