CVE-2021-34202

There are multiple out-of-bounds vulnerabilities in some processes of D-Link AC2600(DIR-2640) 1.01B04. Ordinary permissions can be elevated to administrator permissions, resulting in local arbitrary code execution. An attacker can combine other vulnerabilities to further achieve the purpose of remote code execution.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 47%
VendorProductVersion
dlinkdir-2640-us_firmware
1.01b04:b04
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://d-link.com
http://dir-2640-us.com
https://github.com/liyansong2018/CVE/tree/main/2021/CVE-2021-34202
https://www.dlink.com/en/security-bulletin/
http://d-link.com
http://dir-2640-us.com
https://github.com/liyansong2018/CVE/tree/main/2021/CVE-2021-34202
https://www.dlink.com/en/security-bulletin/