Vulnerability Description
There are multiple out-of-bounds vulnerabilities in some processes of D-Link AC2600(DIR-2640) 1.01B04. Ordinary permissions can be elevated to administrator permissions, resulting in local arbitrary code execution. An attacker can combine other vulnerabilities to further achieve the purpose of remote code execution.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dlink | Dir-2640-Us Firmware | 1.01b04 |
| Dlink | Dir-2640-Us | - |
Related Weaknesses (CWE)
References
- http://d-link.comVendor Advisory
- http://dir-2640-us.comBroken LinkURL Repurposed
- https://github.com/liyansong2018/CVE/tree/main/2021/CVE-2021-34202ExploitThird Party Advisory
- https://www.dlink.com/en/security-bulletin/Vendor Advisory
- http://d-link.comVendor Advisory
- http://dir-2640-us.comBroken LinkURL Repurposed
- https://github.com/liyansong2018/CVE/tree/main/2021/CVE-2021-34202ExploitThird Party Advisory
- https://www.dlink.com/en/security-bulletin/Vendor Advisory
FAQ
What is CVE-2021-34202?
CVE-2021-34202 is a vulnerability with a CVSS score of 7.8 (HIGH). There are multiple out-of-bounds vulnerabilities in some processes of D-Link AC2600(DIR-2640) 1.01B04. Ordinary permissions can be elevated to administrator permissions, resulting in local arbitrary c...
How severe is CVE-2021-34202?
CVE-2021-34202 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-34202?
Check the references section above for vendor advisories and patch information. Affected products include: Dlink Dir-2640-Us Firmware, Dlink Dir-2640-Us.