CVE-2021-34203

Published: Jun 16, 2021Modified: Jun 17, 2026

8.1

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Exploitability: 2.8 / Impact: 5.2

Source: NVD

Description

D-Link DIR-2640-US 1.01B04 is vulnerable to Incorrect Access Control. Router ac2600 (dir-2640-us), when setting PPPoE, will start quagga process in the way of whole network monitoring, and this function uses the original default password and port. An attacker can easily use telnet to log in, modify routing information, monitor the traffic of all devices under the router, hijack DNS and phishing attacks. In addition, this interface is likely to be questioned by customers as a backdoor, because the interface should not be exposed.

Affected (1)

Products: Dlink: Dir 2640 Us Firmware

1 product

Dir 2640 Us Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Dir 2640 Us Firmware	Version 1.01b04

Running on/with	Platform Versions
Dlink Dir 2640 Us	All versions

Related CWEs

Initialization of a Resource with an Insecure Default

The product initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure.

References (8)

http://d-link.com

Source: cve@mitre.org

Vendor Advisory

http://dir-2640-us.com

Source: cve@mitre.org

Broken LinkURL Repurposed

https://github.com/liyansong2018/CVE/tree/main/2021/CVE-2021-34203

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.dlink.com/en/security-bulletin/

Source: cve@mitre.org

Vendor Advisory

http://d-link.com

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://dir-2640-us.com

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkURL Repurposed

https://github.com/liyansong2018/CVE/tree/main/2021/CVE-2021-34203

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://www.dlink.com/en/security-bulletin/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.