CVE-2021-34203 - OpenCVE

D-Link DIR-2640-US 1.01B04 is vulnerable to Incorrect Access Control. Router ac2600 (dir-2640-us), when setting PPPoE, will start quagga process in the way of whole network monitoring, and this function uses the original default password and port. An attacker can easily use telnet to log in, modify routing information, monitor the traffic of all devices under the router, hijack DNS and phishing attacks. In addition, this interface is likely to be questioned by customers as a backdoor, because the interface should not be exposed.

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:A/AC:L/Au:N/C:P/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Dlink	Dir-2640-us Firmware Dir-2640-us

Configuration 1 [-]

AND

cpe:2.3:o:dlink:dir-2640-us_firmware:1.01b04:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dir-2640-us:-:*:*:*:*:*:*:*

References

Link	Resource
http://d-link.com	Vendor Advisory
http://dir-2640-us.com	Broken Link URL Repurposed
https://github.com/liyansong2018/CVE/tree/main/2021/CVE-2021-34203	Exploit Third Party Advisory
https://www.dlink.com/en/security-bulletin/	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2021-06-16T19:02:03

Updated: 2021-06-16T19:02:03

Reserved: 2021-06-07T00:00:00

Link: CVE-2021-34203

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-06-16T20:15:07.610

Modified: 2024-02-14T01:17:43.863

Link: CVE-2021-34203

JSON object: View

Redhat Information

No data.

CWE

CWE-1188

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "D-Link DIR-2640-US 1.01B04 is vulnerable to Incorrect Access Control. Router ac2600 (dir-2640-us), when setting PPPoE, will start quagga process in the way of whole network monitoring, and this function uses the original default password and port. An attacker can easily use telnet to log in, modify routing information, monitor the traffic of all devices under the router, hijack DNS and phishing attacks. In addition, this interface is likely to be questioned by customers as a backdoor, because the interface should not be exposed."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-06-16T19:02:03", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://d-link.com"}, {"tags": ["x_refsource_MISC"], "url": "https://www.dlink.com/en/security-bulletin/"}, {"tags": ["x_refsource_MISC"], "url": "http://dir-2640-us.com"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/liyansong2018/CVE/tree/main/2021/CVE-2021-34203"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-34203", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "D-Link DIR-2640-US 1.01B04 is vulnerable to Incorrect Access Control. Router ac2600 (dir-2640-us), when setting PPPoE, will start quagga process in the way of whole network monitoring, and this function uses the original default password and port. An attacker can easily use telnet to log in, modify routing information, monitor the traffic of all devices under the router, hijack DNS and phishing attacks. In addition, this interface is likely to be questioned by customers as a backdoor, because the interface should not be exposed."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://d-link.com", "refsource": "MISC", "url": "http://d-link.com"}, {"name": "https://www.dlink.com/en/security-bulletin/", "refsource": "MISC", "url": "https://www.dlink.com/en/security-bulletin/"}, {"name": "http://dir-2640-us.com", "refsource": "MISC", "url": "http://dir-2640-us.com"}, {"name": "https://github.com/liyansong2018/CVE/tree/main/2021/CVE-2021-34203", "refsource": "MISC", "url": "https://github.com/liyansong2018/CVE/tree/main/2021/CVE-2021-34203"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-34203", "datePublished": "2021-06-16T19:02:03", "dateReserved": "2021-06-07T00:00:00", "dateUpdated": "2021-06-16T19:02:03", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dlink:dir-2640-us_firmware:1.01b04:*:*:*:*:*:*:*", "matchCriteriaId": "1E8DB0D1-B2E6-457A-A4A5-C6AE9EB82624", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dlink:dir-2640-us:-:*:*:*:*:*:*:*", "matchCriteriaId": "894C2BD1-B610-4F15-864E-92D6B515488D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "D-Link DIR-2640-US 1.01B04 is vulnerable to Incorrect Access Control. Router ac2600 (dir-2640-us), when setting PPPoE, will start quagga process in the way of whole network monitoring, and this function uses the original default password and port. An attacker can easily use telnet to log in, modify routing information, monitor the traffic of all devices under the router, hijack DNS and phishing attacks. In addition, this interface is likely to be questioned by customers as a backdoor, because the interface should not be exposed."}, {"lang": "es", "value": "D-Link DIR-2640-US versi\u00f3n 1.01B04 es vulnerable al Control de Acceso Incorrecto. El router ac2600 (dir-2640-us), cuando se configura PPPoE, iniciar\u00e1 el proceso quagga en la manera de monitorizaci\u00f3n de toda la red, y esta funci\u00f3n usa la contrase\u00f1a y el puerto originales predeterminado. Un atacante puede usar f\u00e1cilmente telnet para iniciar sesi\u00f3n, modificar la informaci\u00f3n de enrutamiento, monitorear el tr\u00e1fico de todos los dispositivos bajo el router, secuestrar el DNS y los ataques de phishing. Adem\u00e1s, es probable que esta interfaz sea cuestionada por los clientes como una puerta trasera, ya que la interfaz no deber\u00eda estar expuesta"}], "id": "CVE-2021-34203", "lastModified": "2024-02-14T01:17:43.863", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-06-16T20:15:07.610", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://d-link.com"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "URL Repurposed"], "url": "http://dir-2640-us.com"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/liyansong2018/CVE/tree/main/2021/CVE-2021-34203"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.dlink.com/en/security-bulletin/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1188"}], "source": "nvd@nist.gov", "type": "Primary"}]}