CVE-2021-27342

Опубликовано: 17 мая 2021

Источник: nvd

CVSS3: 5.9

CVSS2: 4.3

EPSS Низкий

Описание

An authentication brute-force protection mechanism bypass in telnetd in D-Link Router model DIR-842 firmware version 3.0.2 allows a remote attacker to circumvent the anti-brute-force cool-down delay period via a timing-based side-channel attack

Ссылки

https://blog.whtaguy.com/2021/05/d-link-router-cve-2021-27342.html
Exploit
Third Party Advisory
https://github.com/guywhataguy/D-Link-CVE-2021-27342-exploit/blob/main/dlink-telnet-exploit-CVE-2021-27342.py
Exploit
Third Party Advisory
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10225
Vendor Advisory
https://blog.whtaguy.com/2021/05/d-link-router-cve-2021-27342.html
Exploit
Third Party Advisory
https://github.com/guywhataguy/D-Link-CVE-2021-27342-exploit/blob/main/dlink-telnet-exploit-CVE-2021-27342.py
Exploit
Third Party Advisory
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10225
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:dlink:dir-842e_firmware:*:*:*:*:*:*:*:*

Версия до 3.0.2 (включая)

cpe:2.3:h:dlink:dir-842e:r1:*:*:*:*:*:*:*

EPSS

Процентиль: 91%

0.0743

Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-203

Связанные уязвимости

GHSA-255g-8gjp-2wq6

github

больше 3 лет назад