CVE-2021-20132

Quagga Services on D-Link DIR-2640 less than or equal to version 1.11B02 use default hard-coded credentials, which can allow a remote attacker to gain administrative access to the zebra or ripd those services. Both are running with root privileges on the router (i.e., as the "admin" user, UID 0).

CVSS v3 8.8 HIGH
CVSS v2.0 8.3 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

8.3^/10

CVSS v2.0 : HIGH

Vector : AV:A/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 6.5 / Impact : 10.0

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://www.tenable.com/security/research/tra-2021-44	Exploit Third Party Advisory
https://www.tenable.com/security/research/tra-2021-44	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:dlink:dir-2640-us_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dir-2640-us:-:*:*:*:*:*:*:*

History

21 Nov 2024, 05:45

Type	Values Removed	Values Added
References	~~() https://www.tenable.com/security/research/tra-2021-44 - Exploit, Third Party Advisory~~	() https://www.tenable.com/security/research/tra-2021-44 - Exploit, Third Party Advisory

12 Jan 2022, 20:03

Type	Values Removed	Values Added
CVSS	v2 : ~~10.0~~ v3 : ~~9.8~~	v2 : 8.3 v3 : 8.8

12 Jan 2022, 17:26

Type	Values Removed	Values Added
CWE		CWE-798
References	~~(MISC) https://www.tenable.com/security/research/tra-2021-44 -~~	(MISC) https://www.tenable.com/security/research/tra-2021-44 - Exploit, Third Party Advisory
CPE		cpe:2.3:o:dlink:dir-2640-us_firmware:::::::: cpe:2.3:h:dlink:dir-2640-us:-:::::::*
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 10.0 v3 : 9.8

30 Dec 2021, 22:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2021-12-30 22:15

Updated : 2024-11-21 05:45

NVD link : CVE-2021-20132

Mitre link : CVE-2021-20132

CVE.ORG link : CVE-2021-20132

JSON object : View

Products Affected

dlink

dir-2640-us_firmware
dir-2640-us

CWE

CWE-798

Use of Hard-coded Credentials

{"id": "CVE-2021-20132", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 8.3, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 6.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2021-12-30T22:15:07.863", "references": [{"url": "https://www.tenable.com/security/research/tra-2021-44", "tags": ["Exploit", "Third Party Advisory"], "source": "vulnreport@tenable.com"}, {"url": "https://www.tenable.com/security/research/tra-2021-44", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-798"}]}], "descriptions": [{"lang": "en", "value": "Quagga Services on D-Link DIR-2640 less than or equal to version 1.11B02 use default hard-coded credentials, which can allow a remote attacker to gain administrative access to the zebra or ripd those services. Both are running with root privileges on the router (i.e., as the \"admin\" user, UID 0)."}, {"lang": "es", "value": "Los servicios de Quagga en el D-Link DIR-2640 menores o iguales a versi\u00f3n 1.11B02, usan credenciales predeterminadas embebidas, que pueden permitir a un atacante remoto conseguir acceso administrativo a zebra o al ripd de esos servicios. Ambos son ejecutados con privilegios de root en el router (es decir, como el usuario \"admin\", UID 0)."}], "lastModified": "2024-11-21T05:45:59.093", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dlink:dir-2640-us_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ACE0B76E-0581-4A2B-92D2-A1D7A93B098E", "versionEndIncluding": "1.11b02"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dlink:dir-2640-us:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "894C2BD1-B610-4F15-864E-92D6B515488D"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "vulnreport@tenable.com"}