Details of VAR-202104-1036

ID

VAR-202104-1036

CVE

CVE-2021-27250

TITLE

D-Link DAP-2020 errorpage External Control of File Name Information Disclosure Vulnerability

Trust: 0.7

sources: ZDI: ZDI-21-205

DESCRIPTION

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of CGI scripts. When parsing the errorpage request parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-11856. D-Link, established in 1986, was listed on the Taiwan Stock Exchange in October 1994 City, the first listed network company in Taiwan Province of China, sold globally under the self-created D-Link brand, with more than 100 products Countries

Trust: 2.16

sources: NVD: CVE-2021-27250 // ZDI: ZDI-21-205 // CNVD: CNVD-2021-28689 // VULMON: CVE-2021-27250

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-28689

AFFECTED PRODUCTS

vendor:	d link	model:	dap-2020	scope:	-	version:	-	Trust: 1.3
vendor:	dlink	model:	dap-2020	scope:	eq	version:	1.01	Trust: 1.0

sources: ZDI: ZDI-21-205 // CNVD: CNVD-2021-28689 // NVD: CVE-2021-27250

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-27250
value:	MEDIUM
Trust: 1.0
zdi-disclosures@trendmicro.com:	CVE-2021-27250
value:	MEDIUM
Trust: 1.0
ZDI:	CVE-2021-27250
value:	MEDIUM
Trust: 0.7
CNVD:	CNVD-2021-28689
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202104-1139
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2021-27250
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2021-27250
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
CNVD:	CNVD-2021-28689
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:A/AC:L/AU:N/C:C/I:N/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	6.5
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-27250
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0
zdi-disclosures@trendmicro.com:	CVE-2021-27250
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.0
Trust: 1.0
ZDI:	CVE-2021-27250
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.0
Trust: 0.7

sources: ZDI: ZDI-21-205 // CNVD: CNVD-2021-28689 // VULMON: CVE-2021-27250 // CNNVD: CNNVD-202104-1139 // NVD: CVE-2021-27250 // NVD: CVE-2021-27250

PROBLEMTYPE DATA

problemtype:

CWE-73

Trust: 1.0

sources: NVD: CVE-2021-27250

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202104-1139

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-1139

PATCH

title:	D-Link has issued an update to correct this vulnerability.	url:	https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10201	Trust: 0.7
title:	D-Link DAP-2020 Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=147501	Trust: 0.6
title:	https://github.com/Alonzozzz/alonzzzo	url:	https://github.com/Alonzozzz/alonzzzo	Trust: 0.1
title:	Awesome-POC	url:	https://github.com/ArrestX/--POC	Trust: 0.1
title:	Normal-POC	url:	https://github.com/Miraitowa70/POC-Notes	Trust: 0.1
title:	Normal-POC	url:	https://github.com/Miraitowa70/Pentest-Notes	Trust: 0.1
title:	Awesome-POC	url:	https://github.com/KayCHENvip/vulnerability-poc	Trust: 0.1
title:	https://github.com/20142995/Goby	url:	https://github.com/20142995/Goby	Trust: 0.1
title:	Awesome-POC	url:	https://github.com/Threekiii/Awesome-POC	Trust: 0.1
title:	Goby_POC POC 数量1319	url:	https://github.com/Z0fhack/Goby_POC	Trust: 0.1

sources: ZDI: ZDI-21-205 // VULMON: CVE-2021-27250 // CNNVD: CNNVD-202104-1139

EXTERNAL IDS

db:	NVD	id:	CVE-2021-27250	Trust: 3.0
db:	ZDI	id:	ZDI-21-205	Trust: 2.4
db:	DLINK	id:	SAP10201	Trust: 1.7
db:	ZDI_CAN	id:	ZDI-CAN-11856	Trust: 0.7
db:	CNVD	id:	CNVD-2021-28689	Trust: 0.6
db:	CS-HELP	id:	SB2021100105	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-1139	Trust: 0.6
db:	VULMON	id:	CVE-2021-27250	Trust: 0.1

sources: ZDI: ZDI-21-205 // CNVD: CNVD-2021-28689 // VULMON: CVE-2021-27250 // CNNVD: CNNVD-202104-1139 // NVD: CVE-2021-27250

REFERENCES

url:	https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10201	Trust: 2.4
url:	https://www.zerodayinitiative.com/advisories/zdi-21-205/	Trust: 1.8
url:	https://suid.ch/research/dap-2020_preauth_rce_chain.html	Trust: 0.6
url:	https://mp.weixin.qq.com/s/spm8akrz1byxd9qz6n_71w	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021100105	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2021-27250	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/73.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/alonzozzz/alonzzzo	Trust: 0.1

sources: ZDI: ZDI-21-205 // CNVD: CNVD-2021-28689 // VULMON: CVE-2021-27250 // CNNVD: CNNVD-202104-1139 // NVD: CVE-2021-27250

CREDITS

SUID

Trust: 0.7

sources: ZDI: ZDI-21-205

SOURCES

db:	ZDI	id:	ZDI-21-205
db:	CNVD	id:	CNVD-2021-28689
db:	VULMON	id:	CVE-2021-27250
db:	CNNVD	id:	CNNVD-202104-1139
db:	NVD	id:	CVE-2021-27250

LAST UPDATE DATE

2024-11-23T21:50:53.291000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-21-205	date:	2021-02-24T00:00:00
db:	CNVD	id:	CNVD-2021-28689	date:	2021-04-15T00:00:00
db:	VULMON	id:	CVE-2021-27250	date:	2023-11-08T00:00:00
db:	CNNVD	id:	CNNVD-202104-1139	date:	2021-10-08T00:00:00
db:	NVD	id:	CVE-2021-27250	date:	2024-11-21T05:57:41.163

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-21-205	date:	2021-02-24T00:00:00
db:	CNVD	id:	CNVD-2021-28689	date:	2021-04-15T00:00:00
db:	VULMON	id:	CVE-2021-27250	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202104-1139	date:	2021-04-14T00:00:00
db:	NVD	id:	CVE-2021-27250	date:	2021-04-14T16:15:13.533