Sign-up

ID

VAR-202107-0890


CVE

CVE-2021-34827


TITLE

D-Link DAP-1330  Stack-based buffer overflow vulnerability in routers

Trust: 0.8

sources: JVNDB: JVNDB-2021-009579

DESCRIPTION

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the SOAPAction HTTP header. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-12029. D-Link DAP-1330 A stack-based buffer overflow vulnerability exists in the router. Zero Day Initiative To this vulnerability ZDI-CAN-12029 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. D-Link DAP-1330 is a WIFI device of China Taiwan D-Link (D-Link) company's network equipment

Trust: 2.88

sources: NVD: CVE-2021-34827 // JVNDB: JVNDB-2021-009579 // ZDI: ZDI-21-679 // CNVD: CNVD-2021-51472 // VULMON: CVE-2021-34827

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-51472

AFFECTED PRODUCTS

vendor:dlinkmodel:dap-1330scope:eqversion:1.13b01

Trust: 1.0

vendor:d linkmodel:dap-1330scope:eqversion: -

Trust: 0.8

vendor:d linkmodel:dap-1330scope:eqversion:dap-1330 firmware 1.13b01 beta

Trust: 0.8

vendor:d linkmodel:dap-1330scope: - version: -

Trust: 0.7

vendor:d linkmodel:dap-1330 1.13b01 betascope: - version: -

Trust: 0.6

sources: ZDI: ZDI-21-679 // CNVD: CNVD-2021-51472 // JVNDB: JVNDB-2021-009579 // NVD: CVE-2021-34827

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-34827
value: HIGH

Trust: 1.0

zdi-disclosures@trendmicro.com: CVE-2021-34827
value: HIGH

Trust: 1.0

NVD: CVE-2021-34827
value: HIGH

Trust: 0.8

ZDI: CVE-2021-34827
value: HIGH

Trust: 0.7

CNVD: CNVD-2021-51472
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202107-1104
value: HIGH

Trust: 0.6

VULMON: CVE-2021-34827
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-34827
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2021-51472
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

zdi-disclosures@trendmicro.com: CVE-2021-34827
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2021-34827
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

ZDI: CVE-2021-34827
baseSeverity: HIGH
baseScore: 8.8
vectorString: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-21-679 // CNVD: CNVD-2021-51472 // VULMON: CVE-2021-34827 // JVNDB: JVNDB-2021-009579 // CNNVD: CNNVD-202107-1104 // NVD: CVE-2021-34827 // NVD: CVE-2021-34827

PROBLEMTYPE DATA

problemtype:CWE-121

Trust: 1.0

problemtype:Stack-based buffer overflow (CWE-121) [ Other ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-009579 // NVD: CVE-2021-34827

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202107-1104

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202107-1104

PATCH

title:Top Pageurl:https://www.dlink.com.br/

Trust: 0.8

sources: JVNDB: JVNDB-2021-009579

EXTERNAL IDS

db:NVDid:CVE-2021-34827

Trust: 4.6

db:ZDIid:ZDI-21-679

Trust: 3.2

db:JVNDBid:JVNDB-2021-009579

Trust: 0.8

db:ZDI_CANid:ZDI-CAN-12029

Trust: 0.7

db:CNVDid:CNVD-2021-51472

Trust: 0.6

db:CNNVDid:CNNVD-202107-1104

Trust: 0.6

db:VULMONid:CVE-2021-34827

Trust: 0.1

sources: ZDI: ZDI-21-679 // CNVD: CNVD-2021-51472 // VULMON: CVE-2021-34827 // JVNDB: JVNDB-2021-009579 // CNNVD: CNNVD-202107-1104 // NVD: CVE-2021-34827

REFERENCES

url:https://www.zerodayinitiative.com/advisories/zdi-21-679/

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2021-34827

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/121.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2021-34827 // JVNDB: JVNDB-2021-009579 // CNNVD: CNNVD-202107-1104 // NVD: CVE-2021-34827

CREDITS

phieulang aka Hoang Le of VietSunShine Cyber Security Services

Trust: 0.7

sources: ZDI: ZDI-21-679

SOURCES

db:ZDIid:ZDI-21-679
db:CNVDid:CNVD-2021-51472
db:VULMONid:CVE-2021-34827
db:JVNDBid:JVNDB-2021-009579
db:CNNVDid:CNNVD-202107-1104
db:NVDid:CVE-2021-34827

LAST UPDATE DATE

2024-08-14T15:33:06.647000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-21-679date:2021-09-27T00:00:00
db:CNVDid:CNVD-2021-51472date:2021-07-17T00:00:00
db:VULMONid:CVE-2021-34827date:2021-07-20T00:00:00
db:JVNDBid:JVNDB-2021-009579date:2022-05-11T04:55:00
db:CNNVDid:CNNVD-202107-1104date:2021-07-21T00:00:00
db:NVDid:CVE-2021-34827date:2021-07-20T16:36:26.177

SOURCES RELEASE DATE

db:ZDIid:ZDI-21-679date:2021-06-10T00:00:00
db:CNVDid:CNVD-2021-51472date:2021-07-17T00:00:00
db:VULMONid:CVE-2021-34827date:2021-07-15T00:00:00
db:JVNDBid:JVNDB-2021-009579date:2022-05-11T00:00:00
db:CNNVDid:CNNVD-202107-1104date:2021-07-15T00:00:00
db:NVDid:CVE-2021-34827date:2021-07-15T18:15:09.233