Details of VAR-202105-0688

ID

VAR-202105-0688

CVE

CVE-2021-27342

TITLE

D-Link Router model DIR-842 Observable mismatch vulnerabilities in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2021-006988

DESCRIPTION

An authentication brute-force protection mechanism bypass in telnetd in D-Link Router model DIR-842 firmware version 3.0.2 allows a remote attacker to circumvent the anti-brute-force cool-down delay period via a timing-based side-channel attack. D-Link Router model DIR-842 There is an observable mismatch vulnerability in the firmware.Information may be tampered with. D-Link DIR-842 is a home router produced by Taiwan D-Link Technology Co., Ltd

Trust: 2.25

sources: NVD: CVE-2021-27342 // JVNDB: JVNDB-2021-006988 // CNVD: CNVD-2022-38537 // VULMON: CVE-2021-27342

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2022-38537

AFFECTED PRODUCTS

vendor:	dlink	model:	dir-842e	scope:	lte	version:	3.0.2	Trust: 1.0
vendor:	d link	model:	dir-842e	scope:	eq	version:	dir-842e firmware 3.0.2	Trust: 0.8
vendor:	d link	model:	dir-842e	scope:	eq	version:	-	Trust: 0.8
vendor:	d link	model:	d-link dir-842	scope:	eq	version:	3.0.2	Trust: 0.6

sources: CNVD: CNVD-2022-38537 // JVNDB: JVNDB-2021-006988 // NVD: CVE-2021-27342

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-27342
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-27342
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2022-38537
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202105-1167
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2021-27342
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-27342
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2022-38537
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-27342
baseSeverity:	MEDIUM
baseScore:	5.9
vectorString:	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	2.2
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2021-27342
baseSeverity:	MEDIUM
baseScore:	5.9
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2022-38537 // VULMON: CVE-2021-27342 // JVNDB: JVNDB-2021-006988 // CNNVD: CNNVD-202105-1167 // NVD: CVE-2021-27342

PROBLEMTYPE DATA

problemtype:	CWE-203	Trust: 1.0
problemtype:	Observable discrepancy (CWE-203) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-006988 // NVD: CVE-2021-27342

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202105-1167

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202105-1167

PATCH

title:	Telnetd brute-force protection bypass	url:	https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10225	Trust: 0.8
title:	Patch for D-Link DIR-842 telnetd authentication explosion protection mechanism bypass vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/333386	Trust: 0.6
title:	D-Link Router Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=151838	Trust: 0.6
title:	D-Link-CVE-2021-27342-exploit	url:	https://github.com/guywhataguy/D-Link-CVE-2021-27342-exploit	Trust: 0.1

sources: CNVD: CNVD-2022-38537 // VULMON: CVE-2021-27342 // JVNDB: JVNDB-2021-006988 // CNNVD: CNNVD-202105-1167

EXTERNAL IDS

db:	NVD	id:	CVE-2021-27342	Trust: 3.9
db:	DLINK	id:	SAP10225	Trust: 1.7
db:	JVNDB	id:	JVNDB-2021-006988	Trust: 0.8
db:	CNVD	id:	CNVD-2022-38537	Trust: 0.6
db:	CNNVD	id:	CNNVD-202105-1167	Trust: 0.6
db:	VULMON	id:	CVE-2021-27342	Trust: 0.1

sources: CNVD: CNVD-2022-38537 // VULMON: CVE-2021-27342 // JVNDB: JVNDB-2021-006988 // CNNVD: CNNVD-202105-1167 // NVD: CVE-2021-27342

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2021-27342	Trust: 2.0
url:	https://github.com/guywhataguy/d-link-cve-2021-27342-exploit/blob/main/dlink-telnet-exploit-cve-2021-27342.py	Trust: 1.7
url:	https://blog.whtaguy.com/2021/05/d-link-router-cve-2021-27342.html	Trust: 1.7
url:	https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10225	Trust: 1.7
url:	https://cwe.mitre.org/data/definitions/203.html	Trust: 0.1
url:	https://github.com/guywhataguy/d-link-cve-2021-27342-exploit	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2022-38537 // VULMON: CVE-2021-27342 // JVNDB: JVNDB-2021-006988 // CNNVD: CNNVD-202105-1167 // NVD: CVE-2021-27342

SOURCES

db:	CNVD	id:	CNVD-2022-38537
db:	VULMON	id:	CVE-2021-27342
db:	JVNDB	id:	JVNDB-2021-006988
db:	CNNVD	id:	CNNVD-202105-1167
db:	NVD	id:	CVE-2021-27342

LAST UPDATE DATE

2024-08-14T14:11:23.439000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2022-38537	date:	2022-05-20T00:00:00
db:	VULMON	id:	CVE-2021-27342	date:	2021-05-24T00:00:00
db:	JVNDB	id:	JVNDB-2021-006988	date:	2022-01-27T08:58:00
db:	CNNVD	id:	CNNVD-202105-1167	date:	2021-05-25T00:00:00
db:	NVD	id:	CVE-2021-27342	date:	2021-05-24T20:14:05.517

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2022-38537	date:	2022-05-20T00:00:00
db:	VULMON	id:	CVE-2021-27342	date:	2021-05-17T00:00:00
db:	JVNDB	id:	JVNDB-2021-006988	date:	2022-01-27T00:00:00
db:	CNNVD	id:	CNNVD-202105-1167	date:	2021-05-17T00:00:00
db:	NVD	id:	CVE-2021-27342	date:	2021-05-17T13:15:07.733