CVE-2021-20132

Sažetak

Quagga Services on D-Link DIR-2640 less than or equal to version 1.11B02 use default hard-coded credentials, which can allow a remote attacker to gain administrative access to the zebra or ripd those services. Both are running with root privileges on the router (i.e., as the "admin" user, UID 0).

Reference

CVSS

Base:	8.3
Impact:	10.0
Exploitability:	6.5

Pristup

Vektor	Složenost	Autentikacija
ADJACENT_NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:A/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

12-01-2022 - 20:03

Objavljeno

30-12-2021 - 22:15