ID

VAR-202107-0893


CVE

CVE-2021-34830


TITLE

D-Link DAP-1330  Stack-based buffer overflow vulnerability in routers

Trust: 0.8

sources: JVNDB: JVNDB-2021-009582

DESCRIPTION

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the Cookie HTTP header. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-12028. D-Link DAP-1330 A stack-based buffer overflow vulnerability exists in the router. Zero Day Initiative To this vulnerability ZDI-CAN-12028 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. D-Link DAP-1330 is a WIFI device of China Taiwan D-Link (D-Link) company's network equipment

Trust: 2.88

sources: NVD: CVE-2021-34830 // JVNDB: JVNDB-2021-009582 // ZDI: ZDI-21-682 // CNVD: CNVD-2021-51475 // VULMON: CVE-2021-34830

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-51475

AFFECTED PRODUCTS

vendor:dlinkmodel:dap-1330scope:eqversion:1.13b01

Trust: 1.0

vendor:d linkmodel:dap-1330scope:eqversion: -

Trust: 0.8

vendor:d linkmodel:dap-1330scope:eqversion:dap-1330 firmware 1.13b01 beta

Trust: 0.8

vendor:d linkmodel:dap-1330scope: - version: -

Trust: 0.7

vendor:d linkmodel:dap-1330 1.13b01 betascope: - version: -

Trust: 0.6

sources: ZDI: ZDI-21-682 // CNVD: CNVD-2021-51475 // JVNDB: JVNDB-2021-009582 // NVD: CVE-2021-34830

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-34830
value: HIGH

Trust: 1.0

zdi-disclosures@trendmicro.com: CVE-2021-34830
value: HIGH

Trust: 1.0

NVD: CVE-2021-34830
value: HIGH

Trust: 0.8

ZDI: CVE-2021-34830
value: HIGH

Trust: 0.7

CNVD: CNVD-2021-51475
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202107-1105
value: HIGH

Trust: 0.6

VULMON: CVE-2021-34830
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-34830
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2021-51475
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

zdi-disclosures@trendmicro.com: CVE-2021-34830
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2021-34830
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

ZDI: CVE-2021-34830
baseSeverity: HIGH
baseScore: 8.8
vectorString: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-21-682 // CNVD: CNVD-2021-51475 // VULMON: CVE-2021-34830 // JVNDB: JVNDB-2021-009582 // CNNVD: CNNVD-202107-1105 // NVD: CVE-2021-34830 // NVD: CVE-2021-34830

PROBLEMTYPE DATA

problemtype:CWE-121

Trust: 1.0

problemtype:Stack-based buffer overflow (CWE-121) [ Other ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-009582 // NVD: CVE-2021-34830

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202107-1105

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202107-1105

PATCH

title:Top Pageurl:https://www.dlink.com.br/

Trust: 0.8

sources: JVNDB: JVNDB-2021-009582

EXTERNAL IDS

db:NVDid:CVE-2021-34830

Trust: 4.6

db:ZDIid:ZDI-21-682

Trust: 3.2

db:JVNDBid:JVNDB-2021-009582

Trust: 0.8

db:ZDI_CANid:ZDI-CAN-12028

Trust: 0.7

db:CNVDid:CNVD-2021-51475

Trust: 0.6

db:CNNVDid:CNNVD-202107-1105

Trust: 0.6

db:VULMONid:CVE-2021-34830

Trust: 0.1

sources: ZDI: ZDI-21-682 // CNVD: CNVD-2021-51475 // VULMON: CVE-2021-34830 // JVNDB: JVNDB-2021-009582 // CNNVD: CNNVD-202107-1105 // NVD: CVE-2021-34830

REFERENCES

url:https://www.zerodayinitiative.com/advisories/zdi-21-682/

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2021-34830

Trust: 1.4

url:https://cwe.mitre.org/data/definitions/121.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2021-51475 // VULMON: CVE-2021-34830 // JVNDB: JVNDB-2021-009582 // CNNVD: CNNVD-202107-1105 // NVD: CVE-2021-34830

CREDITS

phieulang aka Hoang Le of VietSunShine Cyber Security Services

Trust: 0.7

sources: ZDI: ZDI-21-682

SOURCES

db:ZDIid:ZDI-21-682
db:CNVDid:CNVD-2021-51475
db:VULMONid:CVE-2021-34830
db:JVNDBid:JVNDB-2021-009582
db:CNNVDid:CNNVD-202107-1105
db:NVDid:CVE-2021-34830

LAST UPDATE DATE

2024-08-14T15:27:43.528000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-21-682date:2021-09-27T00:00:00
db:CNVDid:CNVD-2021-51475date:2021-07-17T00:00:00
db:VULMONid:CVE-2021-34830date:2021-07-20T00:00:00
db:JVNDBid:JVNDB-2021-009582date:2022-05-11T04:55:00
db:CNNVDid:CNNVD-202107-1105date:2021-07-21T00:00:00
db:NVDid:CVE-2021-34830date:2021-07-20T15:25:50.233

SOURCES RELEASE DATE

db:ZDIid:ZDI-21-682date:2021-06-10T00:00:00
db:CNVDid:CNVD-2021-51475date:2021-07-17T00:00:00
db:VULMONid:CVE-2021-34830date:2021-07-15T00:00:00
db:JVNDBid:JVNDB-2021-009582date:2022-05-11T00:00:00
db:CNNVDid:CNNVD-202107-1105date:2021-07-15T00:00:00
db:NVDid:CVE-2021-34830date:2021-07-15T18:15:09.593