ID

VAR-202106-1774


CVE

CVE-2021-34204


TITLE

D-Link DIR-2640-US Vulnerability regarding inadequate protection of credentials in

Trust: 0.8

sources: JVNDB: JVNDB-2021-008236

DESCRIPTION

D-Link DIR-2640-US 1.01B04 is affected by Insufficiently Protected Credentials. D-Link AC2600 (DIR-2640) stores the device system account password in plain text. It does not use Linux user management. In addition, the passwords of all devices are the same, and they cannot be modified by normal users. An attacker can easily log in to the target router through the serial port and obtain root privileges. D-Link DIR-2640-US contains an inadequate protection of credentials vulnerability. Information may be obtained, information may be tampered with, and the device may be put into a denial-of-service (DoS) state. D-Link DIR-2640-US is a network router device. D-Link DIR-2640-US has security vulnerabilities.

Trust: 2.16

sources: NVD: CVE-2021-34204 // JVNDB: JVNDB-2021-008236 // CNVD: CNVD-2021-44915

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-44915

AFFECTED PRODUCTS

vendor: dlink, model: dir-2640-us, scope: eq, version: 1.01b04

Trust: 1.0

vendor: d link, model: d-link dir-2640-us, scope: eq, version: d-link dir-2640-us firmware 1.01b04

Trust: 0.8

vendor: d link, model: d-link dir-2640-us, scope: eq, version: -

Trust: 0.8

vendor: d link, model: dir-2640-us 1.01b04, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2021-44915 // JVNDB: JVNDB-2021-008236 // NVD: CVE-2021-34204

CVSS

SEVERITY

nvd@nist.gov: CVE-2021-34204
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-34204
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2021-44915
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202106-1355
value: MEDIUM

Trust: 0.6

CVSSV2

nvd@nist.gov: CVE-2021-34204
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2021-44915
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

nvd@nist.gov: CVE-2021-34204
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2021-34204
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-44915 // JVNDB: JVNDB-2021-008236 // CNNVD: CNNVD-202106-1355 // NVD: CVE-2021-34204

PROBLEMTYPE DATA

problemtype:CWE-522

Trust: 1.0

problemtype: Inadequate protection of credentials (CWE-522) [NVD Evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2021-008236 // NVD: CVE-2021-34204

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202106-1355

PATCH

title: Security Bulletin, url: https://www.dlink.com/en/security-bulletin/

Trust: 0.8

title: Patch for D-Link DIR-2640-US account password plaintext storage vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/275161

Trust: 0.6

title: D-Link DIR-2640 Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=154444

Trust: 0.6

sources: CNVD: CNVD-2021-44915 // JVNDB: JVNDB-2021-008236 // CNNVD: CNNVD-202106-1355

EXTERNAL IDS

db: NVD, id: CVE-2021-34204

Trust: 3.8

db: JVNDB, id: JVNDB-2021-008236

Trust: 0.8

db: CNVD, id: CNVD-2021-44915

Trust: 0.6

db: CNNVD, id: CNNVD-202106-1355

Trust: 0.6

sources: CNVD: CNVD-2021-44915 // JVNDB: JVNDB-2021-008236 // CNNVD: CNNVD-202106-1355 // NVD: CVE-2021-34204

REFERENCES

url:https://github.com/liyansong2018/cve/tree/main/2021/cve-2021-34204

Trust: 2.4

url:https://www.dlink.com/en/security-bulletin/

Trust: 1.6

url:http://d-link.com

Trust: 1.6

url:http://dir-2640-us.com

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2021-34204

Trust: 1.4

sources: CNVD: CNVD-2021-44915 // JVNDB: JVNDB-2021-008236 // CNNVD: CNNVD-202106-1355 // NVD: CVE-2021-34204

SOURCES

db: CNVD, id: CNVD-2021-44915
db: JVNDB, id: JVNDB-2021-008236
db: CNNVD, id: CNNVD-202106-1355
db: NVD, id: CVE-2021-34204

LAST UPDATE DATE

2024-08-14T14:55:55.462000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2021-44915, date: 2021-06-24T00:00:00
db: JVNDB, id: JVNDB-2021-008236, date: 2022-03-09T08:23:00
db: CNNVD, id: CNNVD-202106-1355, date: 2021-08-16T00:00:00
db: NVD, id: CVE-2021-34204, date: 2024-02-14T01:17:43.863

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2021-44915, date: 2021-06-24T00:00:00
db: JVNDB, id: JVNDB-2021-008236, date: 2022-03-09T00:00:00
db: CNNVD, id: CNNVD-202106-1355, date: 2021-06-16T00:00:00
db: NVD, id: CVE-2021-34204, date: 2021-06-16T20:15:07.647