CVE-2021-20132

Quagga Services on D-Link DIR-2640 less than or equal to version 1.11B02 use default hard-coded credentials, which can allow a remote attacker to gain administrative access to the zebra or ripd those services. Both are running with root privileges on the router (i.e., as the "admin" user, UID 0).

CVSS v3 8.8 HIGH
CVSS v2.0 8.3 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

8.3^/10

CVSS v2.0 : HIGH

Vector : AV:A/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 6.5 / Impact : 10.0

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://www.tenable.com/security/research/tra-2021-44	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:dlink:dir-2640-us_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dir-2640-us:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2021-12-30 22:15

Updated : 2022-01-12 20:03

NVD link : CVE-2021-20132

Mitre link : CVE-2021-20132

CVE.ORG link : CVE-2021-20132

JSON object : View

Products Affected

dlink

dir-2640-us_firmware
dir-2640-us

CWE

CWE-798

Use of Hard-coded Credentials

{"id": "CVE-2021-20132", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 8.3, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 6.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2021-12-30T22:15:07.863", "references": [{"url": "https://www.tenable.com/security/research/tra-2021-44", "tags": ["Exploit", "Third Party Advisory"], "source": "vulnreport@tenable.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-798"}]}], "descriptions": [{"lang": "en", "value": "Quagga Services on D-Link DIR-2640 less than or equal to version 1.11B02 use default hard-coded credentials, which can allow a remote attacker to gain administrative access to the zebra or ripd those services. Both are running with root privileges on the router (i.e., as the \"admin\" user, UID 0)."}, {"lang": "es", "value": "Los servicios de Quagga en el D-Link DIR-2640 menores o iguales a versi\u00f3n 1.11B02, usan credenciales predeterminadas embebidas, que pueden permitir a un atacante remoto conseguir acceso administrativo a zebra o al ripd de esos servicios. Ambos son ejecutados con privilegios de root en el router (es decir, como el usuario \"admin\", UID 0)."}], "lastModified": "2022-01-12T20:03:23.057", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dlink:dir-2640-us_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ACE0B76E-0581-4A2B-92D2-A1D7A93B098E", "versionEndIncluding": "1.11b02"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dlink:dir-2640-us:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "894C2BD1-B610-4F15-864E-92D6B515488D"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "vulnreport@tenable.com"}