Details of VAR-202108-1371

ID

VAR-202108-1371

CVE

CVE-2021-39615

TITLE

D-Link DSR-500N Vulnerability in using hard-coded credentials in

Trust: 0.8

sources: JVNDB: JVNDB-2021-011000

DESCRIPTION

D-Link DSR-500N version 1.02 contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file.If an attacker succeeds in recovering the cleartext password of the identified hash value, he will be able to log in via SSH or Telnet and thus gain access to the underlying embedded Linux operating system on the device. Fixed in version 2.12/2. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. D-Link DSR-500N Contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DSR-500N is a wireless router produced by D-Link in Taiwan. D-Link DSR-500N has a security vulnerability. The vulnerability stems from the fact that version 1.02 of D-Link DSR-500N contains hard-coded credentials for user accounts that are not documented in the "etc/passwd" file. An attacker can use this vulnerability to successfully recover the plaintext password that identifies the hash value

Trust: 2.25

sources: NVD: CVE-2021-39615 // JVNDB: JVNDB-2021-011000 // CNVD: CNVD-2021-67519 // VULMON: CVE-2021-39615

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-67519

AFFECTED PRODUCTS

vendor:	dlink	model:	dsr-500n	scope:	eq	version:	1.02	Trust: 1.0
vendor:	d link	model:	dsr-500n	scope:	eq	version:	-	Trust: 0.8
vendor:	d link	model:	dsr-500n	scope:	eq	version:	dsr-500n firmware 1.02	Trust: 0.8
vendor:	d link	model:	dsr-500n	scope:	eq	version:	1.02	Trust: 0.6

sources: CNVD: CNVD-2021-67519 // JVNDB: JVNDB-2021-011000 // NVD: CVE-2021-39615

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-39615
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2021-39615
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2021-67519
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202108-1922
value:	CRITICAL
Trust: 0.6
VULMON:	CVE-2021-39615
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2021-39615
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2021-67519
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-39615
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2021-39615
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-67519 // VULMON: CVE-2021-39615 // JVNDB: JVNDB-2021-011000 // CNNVD: CNNVD-202108-1922 // NVD: CVE-2021-39615

PROBLEMTYPE DATA

problemtype:	CWE-798	Trust: 1.0
problemtype:	Use hard-coded credentials (CWE-798) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-011000 // NVD: CVE-2021-39615

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202108-1922

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-202108-1922

PATCH

title:	-	url:	https://www.dlink.com/en/security-bulletin	Trust: 0.8
title:	Patch for D-Link DSR-500N default account vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/288971	Trust: 0.6
title:	D-Link DSR-500N Repair measures for trust management problem vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=161019	Trust: 0.6

sources: CNVD: CNVD-2021-67519 // JVNDB: JVNDB-2021-011000 // CNNVD: CNNVD-202108-1922

EXTERNAL IDS

db:	NVD	id:	CVE-2021-39615	Trust: 3.9
db:	DLINK	id:	SAP10235	Trust: 1.7
db:	JVNDB	id:	JVNDB-2021-011000	Trust: 0.8
db:	CNVD	id:	CNVD-2021-67519	Trust: 0.6
db:	CNNVD	id:	CNNVD-202108-1922	Trust: 0.6
db:	VULMON	id:	CVE-2021-39615	Trust: 0.1

sources: CNVD: CNVD-2021-67519 // VULMON: CVE-2021-39615 // JVNDB: JVNDB-2021-011000 // CNNVD: CNNVD-202108-1922 // NVD: CVE-2021-39615

REFERENCES

url:	https://www.dlink.com/en/security-bulletin/	Trust: 1.7
url:	https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=sap10235	Trust: 1.7
url:	https://www.nussko.com/advisories/advisory-2021-08-02.txt	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-39615	Trust: 1.4
url:	https://cwe.mitre.org/data/definitions/798.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2021-67519 // VULMON: CVE-2021-39615 // JVNDB: JVNDB-2021-011000 // CNNVD: CNNVD-202108-1922 // NVD: CVE-2021-39615

SOURCES

db:	CNVD	id:	CNVD-2021-67519
db:	VULMON	id:	CVE-2021-39615
db:	JVNDB	id:	JVNDB-2021-011000
db:	CNNVD	id:	CNNVD-202108-1922
db:	NVD	id:	CVE-2021-39615

LAST UPDATE DATE

2024-08-14T15:42:46.505000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-67519	date:	2021-09-02T00:00:00
db:	VULMON	id:	CVE-2021-39615	date:	2021-08-30T00:00:00
db:	JVNDB	id:	JVNDB-2021-011000	date:	2022-07-14T02:31:00
db:	CNNVD	id:	CNNVD-202108-1922	date:	2021-08-31T00:00:00
db:	NVD	id:	CVE-2021-39615	date:	2024-08-04T03:15:16.023

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-67519	date:	2021-09-02T00:00:00
db:	VULMON	id:	CVE-2021-39615	date:	2021-08-23T00:00:00
db:	JVNDB	id:	JVNDB-2021-011000	date:	2022-07-14T00:00:00
db:	CNNVD	id:	CNNVD-202108-1922	date:	2021-08-23T00:00:00
db:	NVD	id:	CVE-2021-39615	date:	2021-08-23T22:15:28.937