CRITICAL✓ PATCH🇬🇧 English

CVE-2021-39615

CVSS 9.8v3.1pub. 2021-08-23upd. 2024-11-21

D-Link DSR-500N version 1.02 contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file.If an attacker succeeds in recovering the cleartext password of the identified hash value, he will be able to log in via SSH or Telnet and thus gain access to the underlying embedded Linux operating system on the device. Fixed in version 2.12/2. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Dlink Dsr 500n

    HW
    Dlink
    wszystkie wersje
  • Dlink Dsr 500n Firmware

    OS
    Dlink
    1.02
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
CWE
Referencje

Powiązane podatności

CVE-2013-5945CRITICAL9.8ten sam produkt

Multiple SQL injection vulnerabilities in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware ...

CVE-2020-25759HIGH8.8ten sam produkt

An issue was discovered on D-Link DSR-250 3.17 devices. Certain functionality in the Unified Services Router w...

CVE-2020-25757HIGH8.8ten sam produkt

A lack of input validation and access controls in Lua CGIs on D-Link DSR VPN routers may result in arbitrary i...

CVE-2020-25758HIGH8.8ten sam produkt

An issue was discovered on D-Link DSR-250 3.17 devices. Insufficient validation of configuration file checksum...

CVE-2013-5946HIGH10.0ten sam produkt

The runShellCmd function in systemCheck.htm in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firm...