Details of VAR-202208-1907

ID

VAR-202208-1907

CVE

CVE-2021-42627

TITLE

plural D-Link Systems, Inc. Product vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2021-020186

DESCRIPTION

The WAN configuration page "wan.htm" on D-Link DIR-615 devices with firmware 20.06 can be accessed directly without authentication which can lead to disclose the information about WAN settings and also leverage attacker to modify the data fields of page. DIR-615 firmware, DIR-615 J1 firmware, dir-615 t1 firmware etc. D-Link Systems, Inc. There are unspecified vulnerabilities in the product.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2021-42627 // JVNDB: JVNDB-2021-020186

AFFECTED PRODUCTS

vendor:	dlink	model:	dir-615 j1	scope:	eq	version:	20.06	Trust: 1.0
vendor:	dlink	model:	dir-615 t1	scope:	eq	version:	20.06	Trust: 1.0
vendor:	dlink	model:	dir-615jx10	scope:	eq	version:	20.06	Trust: 1.0
vendor:	dlink	model:	dir-615	scope:	eq	version:	20.06	Trust: 1.0
vendor:	d link	model:	dir-615jx10	scope:	-	version:	-	Trust: 0.8
vendor:	d link	model:	dir-615 t1	scope:	-	version:	-	Trust: 0.8
vendor:	d link	model:	dir-615	scope:	-	version:	-	Trust: 0.8
vendor:	d link	model:	dir-615 j1	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-020186 // NVD: CVE-2021-42627

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-42627
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2021-42627
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-202208-3737
value:	CRITICAL
Trust: 0.6

nvd@nist.gov:	CVE-2021-42627
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2021-42627
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2021-020186 // CNNVD: CNNVD-202208-3737 // NVD: CVE-2021-42627

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	others (CWE-Other) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-020186 // NVD: CVE-2021-42627

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202208-3737

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202208-3737

PATCH

title:

D-Link DIR-615 Security vulnerabilities

url:

http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=205782

Trust: 0.6

sources: CNNVD: CNNVD-202208-3737

EXTERNAL IDS

db:	NVD	id:	CVE-2021-42627	Trust: 3.2
db:	JVNDB	id:	JVNDB-2021-020186	Trust: 0.8
db:	CNNVD	id:	CNNVD-202208-3737	Trust: 0.6

sources: JVNDB: JVNDB-2021-020186 // CNNVD: CNNVD-202208-3737 // NVD: CVE-2021-42627

REFERENCES

url:	http://dlink.com	Trust: 2.4
url:	https://github.com/sanjokkarki/d-link-dir-615/blob/main/cve-2021-42627	Trust: 2.4
url:	https://www.dlink.com/en/security-bulletin/	Trust: 2.4
url:	http://d-link.com	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2021-42627	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2021-42627/	Trust: 0.6

sources: JVNDB: JVNDB-2021-020186 // CNNVD: CNNVD-202208-3737 // NVD: CVE-2021-42627

SOURCES

db:	JVNDB	id:	JVNDB-2021-020186
db:	CNNVD	id:	CNNVD-202208-3737
db:	NVD	id:	CVE-2021-42627

LAST UPDATE DATE

2024-08-14T14:17:44.295000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2021-020186	date:	2023-09-26T08:28:00
db:	CNNVD	id:	CNNVD-202208-3737	date:	2022-08-29T00:00:00
db:	NVD	id:	CVE-2021-42627	date:	2023-04-26T18:55:30.893

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2021-020186	date:	2023-09-26T00:00:00
db:	CNNVD	id:	CNNVD-202208-3737	date:	2022-08-23T00:00:00
db:	NVD	id:	CVE-2021-42627	date:	2022-08-23T12:15:08.487