CVE-2021-34204

Published: Jun 16, 2021Modified: Jun 17, 2026

6.8

Vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 0.9 / Impact: 5.9

Source: NVD

Description

D-Link DIR-2640-US 1.01B04 is affected by Insufficiently Protected Credentials. D-Link AC2600(DIR-2640) stores the device system account password in plain text. It does not use linux user management. In addition, the passwords of all devices are the same, and they cannot be modified by normal users. An attacker can easily log in to the target router through the serial port and obtain root privileges.

Affected (1)

Products: Dlink: Dir 2640 Us Firmware

1 product

Dir 2640 Us Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dlink Dir 2640 Us Firmware	Version 1.01b04

Running on/with	Platform Versions
Dlink Dir 2640 Us	All versions

Related CWEs

Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

References (8)

http://d-link.com

Source: cve@mitre.org

Broken Link

http://dir-2640-us.com

Source: cve@mitre.org

Broken LinkURL Repurposed

https://github.com/liyansong2018/CVE/tree/main/2021/CVE-2021-34204

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.dlink.com/en/security-bulletin/

Source: cve@mitre.org

Vendor Advisory

http://d-link.com

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

http://dir-2640-us.com

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkURL Repurposed

https://github.com/liyansong2018/CVE/tree/main/2021/CVE-2021-34204

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://www.dlink.com/en/security-bulletin/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.