Sign-up

ID

VAR-202104-1463


CVE

CVE-2021-29379


TITLE

D-Link DIR-802 A1  In  OS  Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-005406

DESCRIPTION

An issue was discovered on D-Link DIR-802 A1 devices through 1.00b05. Universal Plug and Play (UPnP) is enabled by default on port 1900. An attacker can perform command injection by injecting a payload into the Search Target (ST) field of the SSDP M-SEARCH discover packet. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. D-Link DIR-802 A1 Has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. D-Link DIR-802 is a wireless router of D-Link company in Taiwan. D-Link DIR-802 A1 1.00b05 and earlier versions have a command injection vulnerability

Trust: 2.25

sources: NVD: CVE-2021-29379 // JVNDB: JVNDB-2021-005406 // CNVD: CNVD-2021-29827 // VULMON: CVE-2021-29379

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-29827

AFFECTED PRODUCTS

vendor:dlinkmodel:dir-802scope:lteversion:1.00b05

Trust: 1.0

vendor:d linkmodel:dir-802scope:lteversion:dir-802 firmware a1 1.00b05 until

Trust: 0.8

vendor:d linkmodel:dir-802scope:eqversion: -

Trust: 0.8

vendor:d linkmodel:dir-802 a1 <=1.00b05scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2021-29827 // JVNDB: JVNDB-2021-005406 // NVD: CVE-2021-29379

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-29379
value: HIGH

Trust: 1.0

NVD: CVE-2021-29379
value: HIGH

Trust: 0.8

CNVD: CNVD-2021-29827
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202104-689
value: HIGH

Trust: 0.6

VULMON: CVE-2021-29379
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-29379
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2021-29827
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2021-29379
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2021-29379
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-29827 // VULMON: CVE-2021-29379 // JVNDB: JVNDB-2021-005406 // CNNVD: CNNVD-202104-689 // NVD: CVE-2021-29379

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.0

problemtype:OS Command injection (CWE-78) [NVD Evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-005406 // NVD: CVE-2021-29379

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202104-689

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-202104-689

PATCH

title: - url:https://www.dlink.com/en/security-bulletin

Trust: 0.8

title:Patch for D-Link DIR-802 command injection vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/259891

Trust: 0.6

title:D-Link DIR-802 Fixes for command injection vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=147262

Trust: 0.6

title:Vulnerabilityurl:https://github.com/tzwlhack/Vulnerability

Trust: 0.1

title:Awesome-POCurl:https://github.com/KayCHENvip/vulnerability-poc

Trust: 0.1

title:Awesome-POCurl:https://github.com/Threekiii/Awesome-POC

Trust: 0.1

sources: CNVD: CNVD-2021-29827 // VULMON: CVE-2021-29379 // JVNDB: JVNDB-2021-005406 // CNNVD: CNNVD-202104-689

EXTERNAL IDS

db:NVDid:CVE-2021-29379

Trust: 3.9

db:DLINKid:SAP10206

Trust: 1.7

db:JVNDBid:JVNDB-2021-005406

Trust: 0.8

db:CNVDid:CNVD-2021-29827

Trust: 0.6

db:CNNVDid:CNNVD-202104-689

Trust: 0.6

db:VULMONid:CVE-2021-29379

Trust: 0.1

sources: CNVD: CNVD-2021-29827 // VULMON: CVE-2021-29379 // JVNDB: JVNDB-2021-005406 // CNNVD: CNNVD-202104-689 // NVD: CVE-2021-29379

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2021-29379

Trust: 2.0

url:https://www.dlink.com/en/security-bulletin/

Trust: 1.7

url:https://cool-y.github.io/2021/03/02/dir-802-os-command-injection

Trust: 1.7

url:https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10206

Trust: 1.7

url:https://cwe.mitre.org/data/definitions/78.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/tzwlhack/vulnerability

Trust: 0.1

url:https://github.com/kaychenvip/vulnerability-poc

Trust: 0.1

sources: CNVD: CNVD-2021-29827 // VULMON: CVE-2021-29379 // JVNDB: JVNDB-2021-005406 // CNNVD: CNNVD-202104-689 // NVD: CVE-2021-29379

SOURCES

db:CNVDid:CNVD-2021-29827
db:VULMONid:CVE-2021-29379
db:JVNDBid:JVNDB-2021-005406
db:CNNVDid:CNNVD-202104-689
db:NVDid:CVE-2021-29379

LAST UPDATE DATE

2024-11-23T23:01:02.382000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2021-29827date:2021-04-21T00:00:00
db:VULMONid:CVE-2021-29379date:2023-11-07T00:00:00
db:JVNDBid:JVNDB-2021-005406date:2021-12-14T07:00:00
db:CNNVDid:CNNVD-202104-689date:2021-04-20T00:00:00
db:NVDid:CVE-2021-29379date:2024-11-21T06:01:01.220

SOURCES RELEASE DATE

db:CNVDid:CNVD-2021-29827date:2021-04-21T00:00:00
db:VULMONid:CVE-2021-29379date:2021-04-12T00:00:00
db:JVNDBid:JVNDB-2021-005406date:2021-12-14T00:00:00
db:CNNVDid:CNNVD-202104-689date:2021-04-12T00:00:00
db:NVDid:CVE-2021-29379date:2021-04-12T05:15:12.503