CVE-2021-40655 | Attaxion

CISA Known Exploited Vulnerability (KEV)

Name

D-Link DIR-605 Router Information Disclosure Vulnerability

Exploit added

May 16, 2024

Action due

June 6, 2024

Action required

This vulnerability affects legacy D-Link products. All associated hardware revisions have reached their end-of-life (EOL) or end-of-service (EOS) life cycle and should be retired and replaced per vendor instructions.

Description

An informtion disclosure issue exists in D-LINK-DIR-605 B2 Firmware Version : 2.01MT. An attacker can obtain a user name and password by forging a post request to the / getcfg.php page

References

Weakness Enumeration

CWE-ID	CWE Name
CWE-863	Incorrect Authorization

Known Affected Software Configurations

cpe:2.3:o:dlink:dir-605l_firmware:2.01mt:::::::*

Details

Source:
NVD

Published:
September 24, 2021

Updated:
July 3, 2024

Risk information

CVSS v3

Base score:
7.5

Severity:

HIGH

Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v2

Base score:
5

Severity:

MEDIUM

Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N