CVE-2021-3708

7.8HIGH

Key Information:

Vendor: D-link
Status: Dsl-2750u
Vendor: CVE Published:; 16 August 2021

Summary

D-Link router DSL-2750U with firmware vME1.16 or prior versions is vulnerable to OS command injection. An unauthenticated attacker on the local network may exploit this, with CVE-2021-3707, to execute any OS commands on the vulnerable device.

Affected Version(s)

DSL-2750U firmware vME1.16 or prior versions

References

https://github.com/HadiMed/firmware-analysis/blob/main/DS...

x_refsource_MISC

https://supportannouncement.us.dlink.com/announcement/pub...

x_refsource_CONFIRM

https://jvn.jp/en/vu/JVNVU92088210/

third-party-advisoryx_refsource_JVN

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 16, 2021
Vulnerability Reserved
Aug 15, 2021