Details of VAR-202106-1773

ID

VAR-202106-1773

CVE

CVE-2021-34203

TITLE

D-Link DIR-2640-US Authentication Vulnerability in Microsoft

Trust: 0.8

sources: JVNDB: JVNDB-2021-008351

DESCRIPTION

D-Link DIR-2640-US 1.01B04 is vulnerable to Incorrect Access Control. Router ac2600 (dir-2640-us), when setting PPPoE, will start quagga process in the way of whole network monitoring, and this function uses the original default password and port. An attacker can easily use telnet to log in, modify routing information, monitor the traffic of all devices under the router, hijack DNS and phishing attacks. In addition, this interface is likely to be questioned by customers as a backdoor, because the interface should not be exposed. D-Link DIR-2640-US Contains an improper authentication vulnerability.Information may be obtained and information may be tampered with. D-Link DIR-2640-US is a network router device. D-Link DIR-2640-US has security vulnerabilities

Trust: 2.16

sources: NVD: CVE-2021-34203 // JVNDB: JVNDB-2021-008351 // CNVD: CNVD-2021-44914

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-44914

AFFECTED PRODUCTS

vendor:	dlink	model:	dir-2640-us	scope:	eq	version:	1.01b04	Trust: 1.0
vendor:	d link	model:	d-link dir-2640-us	scope:	eq	version:	-	Trust: 0.8
vendor:	d link	model:	d-link dir-2640-us	scope:	eq	version:	d-link dir-2640-us firmware 1.01b04	Trust: 0.8
vendor:	d link	model:	dir-2640-us 1.01b04	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2021-44914 // JVNDB: JVNDB-2021-008351 // NVD: CVE-2021-34203

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-34203
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-34203
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2021-44914
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202106-1354
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2021-34203
severity:	MEDIUM
baseScore:	4.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.5
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2021-44914
severity:	MEDIUM
baseScore:	4.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.5
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-34203
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	5.2
version:	3.1
Trust: 1.0
NVD:	CVE-2021-34203
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-44914 // JVNDB: JVNDB-2021-008351 // CNNVD: CNNVD-202106-1354 // NVD: CVE-2021-34203

PROBLEMTYPE DATA

problemtype:	CWE-1188	Trust: 1.0
problemtype:	Bad authentication (CWE-863) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-008351 // NVD: CVE-2021-34203

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202106-1354

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202106-1354

PATCH

title:	Security Bulletin	url:	https://www.dlink.com/en/security-bulletin/	Trust: 0.8
title:	Patch for D-Link DIR-2640-US incorrect access control vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/275166	Trust: 0.6
title:	D-Link DIR-2640-US Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=155304	Trust: 0.6

sources: CNVD: CNVD-2021-44914 // JVNDB: JVNDB-2021-008351 // CNNVD: CNNVD-202106-1354

EXTERNAL IDS

db:	NVD	id:	CVE-2021-34203	Trust: 3.8
db:	JVNDB	id:	JVNDB-2021-008351	Trust: 0.8
db:	CNVD	id:	CNVD-2021-44914	Trust: 0.6
db:	CNNVD	id:	CNNVD-202106-1354	Trust: 0.6

sources: CNVD: CNVD-2021-44914 // JVNDB: JVNDB-2021-008351 // CNNVD: CNNVD-202106-1354 // NVD: CVE-2021-34203

REFERENCES

url:	https://github.com/liyansong2018/cve/tree/main/2021/cve-2021-34203	Trust: 2.4
url:	https://www.dlink.com/en/security-bulletin/	Trust: 1.6
url:	http://d-link.com	Trust: 1.6
url:	http://dir-2640-us.com	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2021-34203	Trust: 1.4

sources: CNVD: CNVD-2021-44914 // JVNDB: JVNDB-2021-008351 // CNNVD: CNNVD-202106-1354 // NVD: CVE-2021-34203

SOURCES

db:	CNVD	id:	CNVD-2021-44914
db:	JVNDB	id:	JVNDB-2021-008351
db:	CNNVD	id:	CNNVD-202106-1354
db:	NVD	id:	CVE-2021-34203

LAST UPDATE DATE

2024-08-14T13:23:30.758000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-44914	date:	2021-06-24T00:00:00
db:	JVNDB	id:	JVNDB-2021-008351	date:	2022-03-14T07:16:00
db:	CNNVD	id:	CNNVD-202106-1354	date:	2022-07-14T00:00:00
db:	NVD	id:	CVE-2021-34203	date:	2024-02-14T01:17:43.863

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-44914	date:	2021-06-24T00:00:00
db:	JVNDB	id:	JVNDB-2021-008351	date:	2022-03-14T00:00:00
db:	CNNVD	id:	CNNVD-202106-1354	date:	2021-06-16T00:00:00
db:	NVD	id:	CVE-2021-34203	date:	2021-06-16T20:15:07.610