ID

VAR-202107-0891


CVE

CVE-2021-34828


TITLE

D-Link DAP-1330  Classic buffer overflow vulnerability in routers

Trust: 0.8

sources: JVNDB: JVNDB-2021-009580

DESCRIPTION

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the SOAPAction HTTP header. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-12066. D-Link DAP-1330 A classic buffer overflow vulnerability exists in the router. Zero Day Initiative To this vulnerability ZDI-CAN-12066 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. D-Link DAP-1330 is a WIFI device of China Taiwan D-Link (D-Link) company's network equipment

Trust: 2.88

sources: NVD: CVE-2021-34828 // JVNDB: JVNDB-2021-009580 // ZDI: ZDI-21-680 // CNVD: CNVD-2021-51473 // VULMON: CVE-2021-34828

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-51473

AFFECTED PRODUCTS

vendor:dlinkmodel:dap-1330scope:eqversion:1.13b01

Trust: 1.0

vendor:d linkmodel:dap-1330scope:eqversion: -

Trust: 0.8

vendor:d linkmodel:dap-1330scope:eqversion:dap-1330 firmware 1.13b01 beta

Trust: 0.8

vendor:d linkmodel:dap-1330scope: - version: -

Trust: 0.7

vendor:d linkmodel:dap-1330 1.13b01 betascope: - version: -

Trust: 0.6

sources: ZDI: ZDI-21-680 // CNVD: CNVD-2021-51473 // JVNDB: JVNDB-2021-009580 // NVD: CVE-2021-34828

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-34828
value: HIGH

Trust: 1.0

zdi-disclosures@trendmicro.com: CVE-2021-34828
value: HIGH

Trust: 1.0

NVD: CVE-2021-34828
value: HIGH

Trust: 0.8

ZDI: ZDI-21-680
value: HIGH

Trust: 0.7

CNVD: CNVD-2021-51473
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202107-1103
value: HIGH

Trust: 0.6

VULMON: CVE-2021-34828
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-34828
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2021-51473
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

zdi-disclosures@trendmicro.com: CVE-2021-34828
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2021-34828
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

ZDI: ZDI-21-680
baseSeverity: HIGH
baseScore: 8.8
vectorString: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-21-680 // CNVD: CNVD-2021-51473 // VULMON: CVE-2021-34828 // JVNDB: JVNDB-2021-009580 // CNNVD: CNNVD-202107-1103 // NVD: CVE-2021-34828 // NVD: CVE-2021-34828

PROBLEMTYPE DATA

problemtype:CWE-120

Trust: 1.0

problemtype:Classic buffer overflow (CWE-120) [ Other ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-009580 // NVD: CVE-2021-34828

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202107-1103

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202107-1103

PATCH

title:Top Pageurl:https://www.dlink.com.br/

Trust: 0.8

sources: JVNDB: JVNDB-2021-009580

EXTERNAL IDS

db:NVDid:CVE-2021-34828

Trust: 3.9

db:ZDIid:ZDI-21-680

Trust: 3.2

db:JVNDBid:JVNDB-2021-009580

Trust: 0.8

db:ZDI_CANid:ZDI-CAN-12066

Trust: 0.7

db:CNVDid:CNVD-2021-51473

Trust: 0.6

db:CNNVDid:CNNVD-202107-1103

Trust: 0.6

db:VULMONid:CVE-2021-34828

Trust: 0.1

sources: ZDI: ZDI-21-680 // CNVD: CNVD-2021-51473 // VULMON: CVE-2021-34828 // JVNDB: JVNDB-2021-009580 // CNNVD: CNNVD-202107-1103 // NVD: CVE-2021-34828

REFERENCES

url:https://www.zerodayinitiative.com/advisories/zdi-21-680/

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2021-34828

Trust: 1.4

url:https://cwe.mitre.org/data/definitions/120.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2021-51473 // VULMON: CVE-2021-34828 // JVNDB: JVNDB-2021-009580 // CNNVD: CNNVD-202107-1103 // NVD: CVE-2021-34828

CREDITS

chung96vn of Vietnam National Cyber Security Center (NCSC Vietnam)

Trust: 0.7

sources: ZDI: ZDI-21-680

SOURCES

db:ZDIid:ZDI-21-680
db:CNVDid:CNVD-2021-51473
db:VULMONid:CVE-2021-34828
db:JVNDBid:JVNDB-2021-009580
db:CNNVDid:CNNVD-202107-1103
db:NVDid:CVE-2021-34828

LAST UPDATE DATE

2024-08-14T14:37:59.233000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-21-680date:2021-06-10T00:00:00
db:CNVDid:CNVD-2021-51473date:2021-07-17T00:00:00
db:VULMONid:CVE-2021-34828date:2021-07-20T00:00:00
db:JVNDBid:JVNDB-2021-009580date:2022-05-11T04:55:00
db:CNNVDid:CNNVD-202107-1103date:2021-07-21T00:00:00
db:NVDid:CVE-2021-34828date:2021-07-20T16:33:19.747

SOURCES RELEASE DATE

db:ZDIid:ZDI-21-680date:2021-06-10T00:00:00
db:CNVDid:CNVD-2021-51473date:2021-07-17T00:00:00
db:VULMONid:CVE-2021-34828date:2021-07-15T00:00:00
db:JVNDBid:JVNDB-2021-009580date:2022-05-11T00:00:00
db:CNNVDid:CNNVD-202107-1103date:2021-07-15T00:00:00
db:NVDid:CVE-2021-34828date:2021-07-15T18:15:09.327