Vulnerability Description
Null Pointer Dereference vulnerability exists in D-Link DAP-2310 2.07.RC031, DAP-2330 1.07.RC028, DAP-2360 2.07.RC043, DAP-2553 3.06.RC027, DAP-2660 1.13.RC074, DAP-2690 3.16.RC100, DAP-2695 1.17.RC063, DAP-3320 1.01.RC014 and DAP-3662 1.01.RC022 in the upload_certificate function of sbin/httpd binary. When the binary handle the specific HTTP GET request, the strrchr in the upload_certificate function would take NULL as first argument, and incur the NULL pointer dereference vulnerability.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dlink | Dap-2310 Firmware | 2.0.7.rc031 |
| Dlink | Dap-2310 | - |
| Dlink | Dap-2330 Firmware | 1.07.rc028 |
| Dlink | Dap-2330 | - |
| Dlink | Dap-2360 Firmware | 2.07.rc043 |
| Dlink | Dap-2360 | - |
| Dlink | Dap-2553 Firmware | 3.06.rc027 |
| Dlink | Dap-2553 | - |
| Dlink | Dap-2660 Firmware | 1.13.rc074 |
| Dlink | Dap-2660 | - |
| Dlink | Dap-2690 Firmware | 3.16.rc100 |
| Dlink | Dap-2690 | - |
| Dlink | Dap-2695 Firmware | 1.17.rc063 |
| Dlink | Dap-2695 | - |
| Dlink | Dap-3320 Firmware | 1.01.rc014 |
| Dlink | Dap-3320 | - |
| Dlink | Dap-3662 Firmware | 1.01.rc022 |
| Dlink | Dap-3662 | - |
Related Weaknesses (CWE)
References
- https://github.com/zyw-200/EQUAFL/blob/main/dlink-email-cve.pdfExploitThird Party Advisory
- https://github.com/zyw-200/EQUAFL/blob/main/dlink-email-cve2.pdfThird Party Advisory
- https://www.dlink.com/en/security-bulletin/Vendor Advisory
- https://github.com/zyw-200/EQUAFL/blob/main/dlink-email-cve.pdfExploitThird Party Advisory
- https://github.com/zyw-200/EQUAFL/blob/main/dlink-email-cve2.pdfThird Party Advisory
- https://www.dlink.com/en/security-bulletin/Vendor Advisory
FAQ
What is CVE-2021-28839?
CVE-2021-28839 is a vulnerability with a CVSS score of 7.5 (HIGH). Null Pointer Dereference vulnerability exists in D-Link DAP-2310 2.07.RC031, DAP-2330 1.07.RC028, DAP-2360 2.07.RC043, DAP-2553 3.06.RC027, DAP-2660 1.13.RC074, DAP-2690 3.16.RC100, DAP-2695 1.17.RC06...
How severe is CVE-2021-28839?
CVE-2021-28839 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-28839?
Check the references section above for vendor advisories and patch information. Affected products include: Dlink Dap-2310 Firmware, Dlink Dap-2310, Dlink Dap-2330 Firmware, Dlink Dap-2330, Dlink Dap-2360 Firmware.