Описание
D-Link DIR-2640-US 1.01B04 is affected by Insufficiently Protected Credentials. D-Link AC2600(DIR-2640) stores the device system account password in plain text. It does not use linux user management. In addition, the passwords of all devices are the same, and they cannot be modified by normal users. An attacker can easily log in to the target router through the serial port and obtain root privileges.
Ссылки
- Broken Link
- Broken LinkURL Repurposed
- ExploitThird Party Advisory
- Vendor Advisory
- Broken Link
- Broken LinkURL Repurposed
- ExploitThird Party Advisory
- Vendor Advisory
Уязвимые конфигурации
Одновременно
EPSS
6.8 Medium
CVSS3
7.2 High
CVSS2
Дефекты
Связанные уязвимости
D-Link DIR-2640-US 1.01B04 is affected by Insufficiently Protected Credentials. D-Link AC2600(DIR-2640) stores the device system account password in plain text. It does not use linux user management. In addition, the passwords of all devices are the same, and they cannot be modified by normal users. An attacker can easily log in to the target router through the serial port and obtain root privileges.
Уязвимость микропрограммного обеспечения маршрутизатора D-Link DIR-2640-US, связанная с недостаточной защитой регистрационных данных, позволяющая нарушителю повысить свои привилегии до уровня root
EPSS
6.8 Medium
CVSS3
7.2 High
CVSS2