Sign-up

ID

VAR-202112-2071


CVE

CVE-2021-20132


TITLE

D-Link DIR-2640 Trust Management Issue Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2022-08324 // CNNVD: CNNVD-202112-2789

DESCRIPTION

Quagga Services on D-Link DIR-2640 less than or equal to version 1.11B02 use default hard-coded credentials, which can allow a remote attacker to gain administrative access to the zebra or ripd those services. Both are running with root privileges on the router (i.e., as the "admin" user, UID 0). D-Link DIR-2640 Contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DIR-2640 is a high-power Wi-Fi router from D-Link, a Taiwanese company

Trust: 2.25

sources: NVD: CVE-2021-20132 // JVNDB: JVNDB-2021-017470 // CNVD: CNVD-2022-08324 // VULMON: CVE-2021-20132

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-08324

AFFECTED PRODUCTS

vendor:dlinkmodel:dir-2640-usscope:lteversion:1.11b02

Trust: 1.0

vendor:d linkmodel:d-link dir-2640-usscope:eqversion: -

Trust: 0.8

vendor:d linkmodel:d-link dir-2640-usscope:lteversion:d-link dir-2640-us firmware 1.11b02 and earlier

Trust: 0.8

vendor:d linkmodel:d-link dir-2640 quagga <=1.11b02scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2022-08324 // JVNDB: JVNDB-2021-017470 // NVD: CVE-2021-20132

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-20132
value: HIGH

Trust: 1.0

NVD: CVE-2021-20132
value: HIGH

Trust: 0.8

CNVD: CNVD-2022-08324
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202112-2789
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2021-20132
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2022-08324
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2021-20132
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2021-20132
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2022-08324 // JVNDB: JVNDB-2021-017470 // CNNVD: CNNVD-202112-2789 // NVD: CVE-2021-20132

PROBLEMTYPE DATA

problemtype:CWE-798

Trust: 1.0

problemtype:Use hard-coded credentials (CWE-798) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-017470 // NVD: CVE-2021-20132

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202112-2789

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-202112-2789

PATCH

title:Top Pageurl:https://www.dlink.com/en/consumer

Trust: 0.8

title:Patch for D-Link DIR-2640 Trust Management Issue Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/317431

Trust: 0.6

title:D-Link DIR-2640 Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=177159

Trust: 0.6

sources: CNVD: CNVD-2022-08324 // JVNDB: JVNDB-2021-017470 // CNNVD: CNNVD-202112-2789

EXTERNAL IDS

db:NVDid:CVE-2021-20132

Trust: 3.9

db:TENABLEid:TRA-2021-44

Trust: 2.5

db:JVNDBid:JVNDB-2021-017470

Trust: 0.8

db:CNVDid:CNVD-2022-08324

Trust: 0.6

db:CNNVDid:CNNVD-202112-2789

Trust: 0.6

db:VULMONid:CVE-2021-20132

Trust: 0.1

sources: CNVD: CNVD-2022-08324 // VULMON: CVE-2021-20132 // JVNDB: JVNDB-2021-017470 // CNNVD: CNNVD-202112-2789 // NVD: CVE-2021-20132

REFERENCES

url:https://www.tenable.com/security/research/tra-2021-44

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2021-20132

Trust: 2.0

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2022-08324 // VULMON: CVE-2021-20132 // JVNDB: JVNDB-2021-017470 // CNNVD: CNNVD-202112-2789 // NVD: CVE-2021-20132

SOURCES

db:CNVDid:CNVD-2022-08324
db:VULMONid:CVE-2021-20132
db:JVNDBid:JVNDB-2021-017470
db:CNNVDid:CNNVD-202112-2789
db:NVDid:CVE-2021-20132

LAST UPDATE DATE

2024-08-14T14:25:05.213000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2022-08324date:2022-02-04T00:00:00
db:VULMONid:CVE-2021-20132date:2021-12-31T00:00:00
db:JVNDBid:JVNDB-2021-017470date:2023-01-19T05:55:00
db:CNNVDid:CNNVD-202112-2789date:2022-01-13T00:00:00
db:NVDid:CVE-2021-20132date:2022-01-12T20:03:23.057

SOURCES RELEASE DATE

db:CNVDid:CNVD-2022-08324date:2022-02-04T00:00:00
db:VULMONid:CVE-2021-20132date:2021-12-30T00:00:00
db:JVNDBid:JVNDB-2021-017470date:2023-01-19T00:00:00
db:CNNVDid:CNNVD-202112-2789date:2021-12-30T00:00:00
db:NVDid:CVE-2021-20132date:2021-12-30T22:15:07.863