ID

VAR-202112-2070


CVE

CVE-2021-20133


TITLE

D-Link DIR-2640 Path Traversal Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2022-08346 // CNNVD: CNNVD-202112-2791

DESCRIPTION

Quagga services on D-Link DIR-2640 version 1.11B02 and earlier are affected by an absolute path traversal vulnerability that allows a remote, authenticated attacker to set the "message of the day" banner to any file on the system, allowing them to read all or some of the contents of those files. Sensitive information such as hashed credentials, hardcoded plaintext passwords for other services, configuration files, and private keys can be disclosed in this fashion. Improper handling of filenames that identify virtual resources, such as "/dev/urandom", allows an attacker to effect a denial of service attack against the command line interfaces of the Quagga services (zebra and ripd). D-Link DIR-2640 contains a path traversal vulnerability. Information may be obtained and service operation may be interrupted (DoS). D-Link DIR-2640 is a high-power Wi-Fi router from D-Link, a Taiwanese company. D-Link DIR-2640 has a security vulnerability that can be exploited by remote attackers to submit special requests and read the contents of system files in the context of the application.

Trust: 2.25

sources: NVD: CVE-2021-20133 // JVNDB: JVNDB-2021-017471 // CNVD: CNVD-2022-08346 // VULMON: CVE-2021-20133

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-08346

AFFECTED PRODUCTS

vendor: dlink, model: dir-2640-us, scope: lte, version: 1.11b02

Trust: 1.0

vendor: d link, model: d-link dir-2640-us, scope: eq, version: -

Trust: 0.8

vendor: d link, model: d-link dir-2640-us, scope: lte, version: d-link dir-2640-us firmware 1.11b02 and earlier

Trust: 0.8

vendor: d link, model: dir-2640 <=1.11b02, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2022-08346 // JVNDB: JVNDB-2021-017471 // NVD: CVE-2021-20133

CVSS

SEVERITY

nvd@nist.gov: CVE-2021-20133
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-20133
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2022-08346
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202112-2791
value: MEDIUM

Trust: 0.6

CVSSV2

nvd@nist.gov: CVE-2021-20133
severity: HIGH
baseScore: 7.1
vectorString: AV:A/AC:L/AU:S/C:C/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 5.1
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2022-08346
severity: HIGH
baseScore: 7.1
vectorString: AV:A/AC:L/AU:S/C:C/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 5.1
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

nvd@nist.gov: CVE-2021-20133
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 0.9
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: CVE-2021-20133
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2022-08346 // JVNDB: JVNDB-2021-017471 // CNNVD: CNNVD-202112-2791 // NVD: CVE-2021-20133

PROBLEMTYPE DATA

problemtype: CWE-22

Trust: 1.0

problemtype: Path traversal (CWE-22) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2021-017471 // NVD: CVE-2021-20133

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202112-2791

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202112-2791

PATCH

title: Top Page, url: https://www.dlink.com/en/consumer

Trust: 0.8

title: Patch for D-Link DIR-2640 Path Traversal Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/317616

Trust: 0.6

title: D-Link DIR-2640 Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=177161

Trust: 0.6

sources: CNVD: CNVD-2022-08346 // JVNDB: JVNDB-2021-017471 // CNNVD: CNNVD-202112-2791

EXTERNAL IDS

db: NVD, id: CVE-2021-20133

Trust: 3.9

db: TENABLE, id: TRA-2021-44

Trust: 2.5

db: JVNDB, id: JVNDB-2021-017471

Trust: 0.8

db: CNVD, id: CNVD-2022-08346

Trust: 0.6

db: CNNVD, id: CNNVD-202112-2791

Trust: 0.6

db: VULMON, id: CVE-2021-20133

Trust: 0.1

sources: CNVD: CNVD-2022-08346 // VULMON: CVE-2021-20133 // JVNDB: JVNDB-2021-017471 // CNNVD: CNNVD-202112-2791 // NVD: CVE-2021-20133

REFERENCES

url: https://www.tenable.com/security/research/tra-2021-44

Trust: 2.5

url: https://nvd.nist.gov/vuln/detail/cve-2021-20133

Trust: 2.0

url: https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2022-08346 // VULMON: CVE-2021-20133 // JVNDB: JVNDB-2021-017471 // CNNVD: CNNVD-202112-2791 // NVD: CVE-2021-20133

SOURCES

db: CNVD, id: CNVD-2022-08346
db: VULMON, id: CVE-2021-20133
db: JVNDB, id: JVNDB-2021-017471
db: CNNVD, id: CNNVD-202112-2791
db: NVD, id: CVE-2021-20133

LAST UPDATE DATE

2024-08-14T14:25:05.152000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2022-08346, date: 2022-02-05T00:00:00
db: VULMON, id: CVE-2021-20133, date: 2021-12-31T00:00:00
db: JVNDB, id: JVNDB-2021-017471, date: 2023-01-19T05:55:00
db: CNNVD, id: CNNVD-202112-2791, date: 2022-01-13T00:00:00
db: NVD, id: CVE-2021-20133, date: 2022-01-12T20:03:49.230

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2022-08346, date: 2022-02-04T00:00:00
db: VULMON, id: CVE-2021-20133, date: 2021-12-30T00:00:00
db: JVNDB, id: JVNDB-2021-017471, date: 2023-01-19T00:00:00
db: CNNVD, id: CNNVD-202112-2791, date: 2021-12-30T00:00:00
db: NVD, id: CVE-2021-20133, date: 2021-12-30T22:15:08.230