Main Vulnerability Database SB2021092431

SB2021092431 - Information disclosure in D-Link DIR-605

Published: September 24, 2021 Updated: November 22, 2024

Security Bulletin ID SB2021092431

Severity

Medium

Patch available

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Incorrect authorization (CVE-ID: CVE-2021-40655)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to incorrect authorization in the getcfg.php page. A remote attacker can gain unauthorized access to sensitive information on the system.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

https://www.dlink.com/en/security-bulletin/
https://github.com/Ilovewomen/D-LINK-DIR-605/
https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10393