CVE-2021-34202
Last modified
CVE-2021-34202 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. There are multiple out-of-bounds vulnerabilities in some processes of D-Link AC2600(DIR-2640) 1.01B04. Ordinary permissions can be elevated to administrator permissions, resulting in local arbitrary code execution. EPSS estimates a 4.37% chance of exploitation in the next 30 days.
Description
There are multiple out-of-bounds vulnerabilities in some processes of D-Link AC2600(DIR-2640) 1.01B04. Ordinary permissions can be elevated to administrator permissions, resulting in local arbitrary code execution. An attacker can combine other vulnerabilities to further achieve the purpose of remote code execution.
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Dlink | Dir-2640-Us Firmware | 1.01b04 |
References
- http://d-link.comVendor Advisory
- http://dir-2640-us.comBroken Link, URL Repurposed
- https://github.com/liyansong2018/CVE/tree/main/2021/CVE-2021-34202Exploit, Third Party Advisory
- https://www.dlink.com/en/security-bulletin/Vendor Advisory
- http://d-link.comVendor Advisory
- http://dir-2640-us.comBroken Link, URL Repurposed
- https://github.com/liyansong2018/CVE/tree/main/2021/CVE-2021-34202Exploit, Third Party Advisory
- https://www.dlink.com/en/security-bulletin/Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2021-34202?
How severe is CVE-2021-34202?
How do I fix CVE-2021-34202?
Are you affected by CVE-2021-34202?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST